[dpdk-dev,v3,1/6] lib/cryptodev: add asymmetric algos in cryptodev

Message ID 1526450713-17299-2-git-send-email-shally.verma@caviumnetworks.com (mailing list archive)
State Changes Requested, archived
Delegated to: Pablo de Lara Guarch

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK

Commit Message

Shally Verma May 16, 2018, 6:05 a.m. UTC
  Add rte_crypto_asym.h with supported xforms
and associated op structures and APIs

API currently supports:
- RSA Encrypt, Decrypt, Sign and Verify
- Modular Exponentiation and Inversion
- DSA Sign and Verify
- Diffie-Hellman private key exchange
- Diffie-Hellman public key exchange
- Diffie-Hellman shared secret compute
- Diffie-Hellman public/private key pair generation
using xform chain

Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
---
 lib/librte_cryptodev/Makefile          |   2 +-
 lib/librte_cryptodev/meson.build       |   3 +-
 lib/librte_cryptodev/rte_crypto_asym.h | 519 +++++++++++++++++++++++++++++++++
 3 files changed, 522 insertions(+), 2 deletions(-)
  

Comments

De Lara Guarch, Pablo June 15, 2018, 8:40 a.m. UTC | #1
Hi Shally,

> -----Original Message-----
> From: Shally Verma [mailto:shally.verma@caviumnetworks.com]
> Sent: Wednesday, May 16, 2018 7:05 AM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> dev@dpdk.org; pathreya@caviumnetworks.com; Sunila Sahu
> <sunila.sahu@caviumnetworks.com>; Ashish Gupta
> <ashish.gupta@caviumnetworks.com>
> Subject: [PATCH v3 1/6] lib/cryptodev: add asymmetric algos in cryptodev
> 
> Add rte_crypto_asym.h with supported xfrms and associated op structures and
> APIs
> 
> API currently supports:
> - RSA Encrypt, Decrypt, Sign and Verify
> - Modular Exponentiation and Inversion
> - DSA Sign and Verify
> - Deffie-hellman private key exchange
> - Deffie-hellman public key exchange
> - Deffie-hellman shared secret compute
> - Deffie-hellman public/private key pair generation using xform chain
> 
> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
> Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
> Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>

I have some comments below, but apart from those, could you send a rebased version of this API?

Thanks,
Pablo

> ---
>  lib/librte_cryptodev/Makefile          |   2 +-
>  lib/librte_cryptodev/meson.build       |   3 +-
>  lib/librte_cryptodev/rte_crypto_asym.h | 519
> +++++++++++++++++++++++++++++++++
>  3 files changed, 522 insertions(+), 2 deletions(-)
> 
> diff --git a/lib/librte_cryptodev/Makefile b/lib/librte_cryptodev/Makefile index
> bba8dee9f..138e627dc 100644
> --- a/lib/librte_cryptodev/Makefile
> +++ b/lib/librte_cryptodev/Makefile
> @@ -23,7 +23,7 @@ SYMLINK-y-include += rte_crypto.h  SYMLINK-y-include +=
> rte_crypto_sym.h  SYMLINK-y-include += rte_cryptodev.h  SYMLINK-y-include +=
> rte_cryptodev_pmd.h
> -
> +SYMLINK-y-include += rte_crypto_asym.h

Leave the blank space that was present before.

>  # versioning export map
>  EXPORT_MAP := rte_cryptodev_version.map
> 

...

> --- /dev/null
> +++ b/lib/librte_cryptodev/rte_crypto_asym.h

...

> +
> +#include <string.h>
> +#include <stdint.h>

Leave a blank space between non-DPDK and DPDK libraries.

> +#include <rte_memory.h>
> +#include <rte_mempool.h>
> +#include <rte_common.h>
> +

...

> +struct rte_crypto_rsa_xform {
> +	rte_crypto_param n;
> +	/**< n - Prime modulus
> +	 * Prime modulus data of RSA operation in Octet-string network
> +	 * byte order format.
> +	 */
> +
> +	rte_crypto_param e;
> +	/**< e - Public key exponent
> +	 * Public key exponent used for RSA public key operations in Octet-
> +	 * string network byte order format.
> +	 */
> +
> +	enum rte_crypto_rsa_priv_key_type key_type;
> +

Needs RTE_STD_C11/extension, before the union.

> +	union {
> +			rte_crypto_param d;
> +			/**< d - Private key exponent
> +			 * Private key exponent used for RSA
> +			 * private key operations in
> +			 * Octet-string  network byte order format.
> +			 */
> +
> +			struct rte_crypto_rsa_priv_key_qt qt;
> +			/**< qt - Private key in quintuple format */
> +	};
> +};

...

> +/**
> + * Asymmetric Cryptographic Operation.
> + *
> + * Structure describing asymmetric crypto operation params.
> + *
> + */
> +struct rte_crypto_asym_op {
> +	struct rte_cryptodev_asym_session *session;
> +	/**< Handle for the initialised session context */
> +

Looking at the xform structure, it looks like a chain of xforms is possible.
Looking at this union, this case wouldn't be possible, as only one item from the union can be set.

> +	__extension__
> +	union {
> +		struct rte_crypto_rsa_op_param rsa;
> +		struct rte_crypto_mod_op_param modex;
> +		struct rte_crypto_mod_op_param modinv;
> +		struct rte_crypto_dh_op_param dh;
> +		struct rte_crypto_dsa_op_param dsa;
> +	};
> +} __rte_cache_aligned;
> +
> +/**
> + * Reset the fields of an asymmetric operation to their default values.
> + *
> + * @param	op	The crypto operation to be reset.
> + */
> +static inline void
> +__rte_crypto_asym_op_reset(struct rte_crypto_asym_op *op) {
> +	memset(op, 0, sizeof(*op));
> +}
> +
> +/**
> + * Attach a session to an asymmetric crypto operation
> + *
> + * @param	asym_op	crypto operation
> + * @param	sess	cryptodev session
> + */
> +static inline int
> +__rte_crypto_op_attach_asym_session(struct rte_crypto_asym_op *asym_op,
> +		struct rte_cryptodev_asym_session *sess) {
> +	asym_op->session = sess;
> +	return 0;
> +}

I think we should get rid of these two functions, as they are just one line, used just once in the code.
I know it is also done in symmetric, I think it can be removed from there too.


> +
> +#ifdef __cplusplus
> +}
> +#endif
> +
> +#endif /* _RTE_CRYPTO_ASYM_H_ */
> --
> 2.14.3
  
Verma, Shally June 22, 2018, 3:38 p.m. UTC | #2
Hi Pablo

>-----Original Message-----
>From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
>Sent: 15 June 2018 14:10
>To: Verma, Shally <Shally.Verma@cavium.com>
>Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>Subject: RE: [PATCH v3 1/6] lib/cryptodev: add asymmetric algos in cryptodev
>
//snip 

>
>...
>
>> +/**
>> + * Asymmetric Cryptographic Operation.
>> + *
>> + * Structure describing asymmetric crypto operation params.
>> + *
>> + */
>> +struct rte_crypto_asym_op {
>> +     struct rte_cryptodev_asym_session *session;
>> +     /**< Handle for the initialised session context */
>> +
>
>Looking at the xform structure, it looks like a chain of xforms is possible.
>Looking at this union, this case wouldn't be possible, as only one item from the union can be set.

[Shally] xforms that support chaining would need to have op_type in their respective xform struct.
For example, struct rte_crypto_dh_xform, where the app can chain Diffie-Hellman public and/or shared secret compute and DSA sign compute.

+struct rte_crypto_dh_xform {
+	enum rte_crypto_asym_op_type type;
+	/**< Setup xform for key generate or shared secret compute */ and DSA xforms struct

test_cryptodev_asym illustrates how to setup chained dh+dsa ops.

Thanks
Shally


>
//snip
  
De Lara Guarch, Pablo June 25, 2018, 9:34 p.m. UTC | #3
Hi Shally,

> -----Original Message-----
> From: Verma, Shally [mailto:Shally.Verma@cavium.com]
> Sent: Friday, June 22, 2018 4:39 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> dev@dpdk.org; Athreya, Narayana Prasad
> <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
> Subject: RE: [PATCH v3 1/6] lib/cryptodev: add asymmetric algos in cryptodev
> 
> Hi Pablo
> 
> >-----Original Message-----
> >From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
> >Sent: 15 June 2018 14:10
> >To: Verma, Shally <Shally.Verma@cavium.com>
> >Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
> >dev@dpdk.org; Athreya, Narayana Prasad
> ><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
> ><Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
> >Subject: RE: [PATCH v3 1/6] lib/cryptodev: add asymmetric algos in
> >cryptodev
> >
> //snip
> 
> >
> >...
> >
> >> +/**
> >> + * Asymmetric Cryptographic Operation.
> >> + *
> >> + * Structure describing asymmetric crypto operation params.
> >> + *
> >> + */
> >> +struct rte_crypto_asym_op {
> >> +     struct rte_cryptodev_asym_session *session;
> >> +     /**< Handle for the initialised session context */
> >> +
> >
> >Looking at the xform structure, it looks like a chain of xforms is possible.
> >Looking at this union, this case wouldn't be possible, as only one item from the
> union can be set.
> 
> [Shally] xforms, which support chaining, would need to have op_type in their
> respective xform struct.
> Example  struct rte_crypto_dh_xform,  where app can chain Deffie-hellman
> public and/or shared secret compute and DSA sign compute.
> 
> +struct rte_crypto_dh_xform {
> +	enum rte_crypto_asym_op_type type;
> +	/**< Setup xform for key generate or shared secret compute */ and DSA
> +xforms struct
> 
> test_cryptodev_asym illustrates how to setup chained dh+dsa ops.

Are you talking about test_dh_gen_kp? Because this is the only function
where I see that there is a chain of xforms.
In this case, both xforms are the same type (RTE_CRYPTO_ASYM_XFORM_DH),
and the operation only sets parameters for rte_crypto_dh_op_param.
I would expect that dh_op_param and dsa_op_param would need to be set, which couldn't be done.

Thanks,
Pablo

> 
> Thanks
> Shally
> 
> 
> >
> //snip
  
Verma, Shally June 26, 2018, 11:54 a.m. UTC | #4
>-----Original Message-----
>From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
>Sent: 26 June 2018 03:04
>To: Verma, Shally <Shally.Verma@cavium.com>
>Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com; dev@dpdk.org; Athreya, Narayana Prasad
><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>Subject: RE: [PATCH v3 1/6] lib/cryptodev: add asymmetric algos in cryptodev
>
>External Email
>
>Hi Shally,
>
>> -----Original Message-----
>> From: Verma, Shally [mailto:Shally.Verma@cavium.com]
>> Sent: Friday, June 22, 2018 4:39 PM
>> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>> Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
>> dev@dpdk.org; Athreya, Narayana Prasad
>> <NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
>> <Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>> Subject: RE: [PATCH v3 1/6] lib/cryptodev: add asymmetric algos in cryptodev
>>
>> Hi Pablo
>>
>> >-----Original Message-----
>> >From: De Lara Guarch, Pablo [mailto:pablo.de.lara.guarch@intel.com]
>> >Sent: 15 June 2018 14:10
>> >To: Verma, Shally <Shally.Verma@cavium.com>
>> >Cc: Trahe, Fiona <fiona.trahe@intel.com>; akhil.goyal@nxp.com;
>> >dev@dpdk.org; Athreya, Narayana Prasad
>> ><NarayanaPrasad.Athreya@cavium.com>; Sahu, Sunila
>> ><Sunila.Sahu@cavium.com>; Gupta, Ashish <Ashish.Gupta@cavium.com>
>> >Subject: RE: [PATCH v3 1/6] lib/cryptodev: add asymmetric algos in
>> >cryptodev
>> >
>> //snip
>>
>> >
>> >...
>> >
>> >> +/**
>> >> + * Asymmetric Cryptographic Operation.
>> >> + *
>> >> + * Structure describing asymmetric crypto operation params.
>> >> + *
>> >> + */
>> >> +struct rte_crypto_asym_op {
>> >> +     struct rte_cryptodev_asym_session *session;
>> >> +     /**< Handle for the initialised session context */
>> >> +
>> >
>> >Looking at the xform structure, it looks like a chain of xforms is possible.
>> >Looking at this union, this case wouldn't be possible, as only one item from the
>> union can be set.
>>
>> [Shally] xforms, which support chaining, would need to have op_type in their
>> respective xform struct.
>> Example  struct rte_crypto_dh_xform,  where app can chain Deffie-hellman
>> public and/or shared secret compute and DSA sign compute.
>>
>> +struct rte_crypto_dh_xform {
>> +     enum rte_crypto_asym_op_type type;
>> +     /**< Setup xform for key generate or shared secret compute */ and DSA
>> +xforms struct
>>
>> test_cryptodev_asym illustrates how to setup chained dh+dsa ops.
>
>Are you talking about test_dh_gen_kp? Because this is the only function
>where I see that there is a chain of xforms.
>In this case, both xforms are the same type (RTE_CRYPTO_ASYM_XFORM_DH),
>and the operation only sets parameters for rte_crypto_dh_op_param.

[Shally] Yes, you are right. The test app illustrates chaining for DH public and private key pair generation, not DH followed by DSA.
Currently, DH key pair generation was the only requirement identified for chaining, so only that is illustrated. If other xforms are to be extended for chaining,
then the respective struct might need modification based on the exact requirement.

>I would expect that dh_op_param and dsa_op_param would need to be set, which couldn't be done.
[Shally] No change would be required in either. if app want to DSA sign data using internally generated DH private key, then PMD input DH params and setup DSA to use key generated by DH. In such case, since end operation is DSA_SIGN, so app will enqueue only DSA op with op_type = DSA_SIGN and respective dsa_op_param for processing.

>
>Thanks,
>Pablo
>
>>
>> Thanks
>> Shally
>>
>>
>> >
>> //snip
  

Patch

diff --git a/lib/librte_cryptodev/Makefile b/lib/librte_cryptodev/Makefile
index bba8dee9f..138e627dc 100644
--- a/lib/librte_cryptodev/Makefile
+++ b/lib/librte_cryptodev/Makefile
@@ -23,7 +23,7 @@  SYMLINK-y-include += rte_crypto.h
 SYMLINK-y-include += rte_crypto_sym.h
 SYMLINK-y-include += rte_cryptodev.h
 SYMLINK-y-include += rte_cryptodev_pmd.h
-
+SYMLINK-y-include += rte_crypto_asym.h
 # versioning export map
 EXPORT_MAP := rte_cryptodev_version.map
 
diff --git a/lib/librte_cryptodev/meson.build b/lib/librte_cryptodev/meson.build
index bd5fed895..295f509ec 100644
--- a/lib/librte_cryptodev/meson.build
+++ b/lib/librte_cryptodev/meson.build
@@ -6,5 +6,6 @@  sources = files('rte_cryptodev.c', 'rte_cryptodev_pmd.c')
 headers = files('rte_cryptodev.h',
 	'rte_cryptodev_pmd.h',
 	'rte_crypto.h',
-	'rte_crypto_sym.h')
+	'rte_crypto_sym.h',
+	'rte_crypto_asym.h')
 deps += ['kvargs', 'mbuf']
diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
new file mode 100644
index 000000000..d0e2f1d40
--- /dev/null
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -0,0 +1,519 @@ 
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2017-2018 Cavium Networks
+ */
+
+#ifndef _RTE_CRYPTO_ASYM_H_
+#define _RTE_CRYPTO_ASYM_H_
+
+/**
+ * @file rte_crypto_asym.h
+ *
+ * RTE Definitions for Asymmetric Cryptography
+ *
+ * Defines asymmetric algorithms and modes, as well as supported
+ * asymmetric crypto operations.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <string.h>
+#include <stdint.h>
+#include <rte_memory.h>
+#include <rte_mempool.h>
+#include <rte_common.h>
+
+typedef struct rte_crypto_param_t {
+	uint8_t *data;
+	/**< pointer to buffer holding data */
+	rte_iova_t iova;
+	/**< IO address of data buffer */
+	size_t length;
+	/**< length of data in bytes */
+} rte_crypto_param;
+
+/** asym xform type name strings */
+extern const char *
+rte_crypto_asym_xform_strings[];
+
+/** asym operations type name strings */
+extern const char *
+rte_crypto_asym_op_strings[];
+
+/**
+ * Asymmetric crypto transformation types.
+ * Each xform type maps to one asymmetric algorithm
+ * performing specific operation
+ *
+ */
+enum rte_crypto_asym_xform_type {
+	RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED = 0,
+	/**< Invalid xform. */
+	RTE_CRYPTO_ASYM_XFORM_NONE,
+	/**< Xform type None.
+	 * May be supported by PMD to support
+	 * passthrough op for debugging purpose.
+	 * if xform_type none , op_type is disregarded.
+	 */
+	RTE_CRYPTO_ASYM_XFORM_RSA,
+	/**< RSA. Performs Encrypt, Decrypt, Sign and Verify.
+	 * Refer to rte_crypto_asym_op_type
+	 */
+	RTE_CRYPTO_ASYM_XFORM_DH,
+	/**< Deffie-Hellman.
+	 * Performs Key Generate and Shared Secret Compute.
+	 * Refer to rte_crypto_asym_op_type
+	 */
+	RTE_CRYPTO_ASYM_XFORM_DSA,
+	/**< Digital Signature Algorithm
+	 * Performs Signature Generation and Verification.
+	 * Refer to rte_crypto_asym_op_type
+	 */
+	RTE_CRYPTO_ASYM_XFORM_MODINV,
+	/**< Modular Inverse
+	 * Perform Modulus inverse b^(-1) mod n
+	 */
+	RTE_CRYPTO_ASYM_XFORM_MODEX,
+	/**< Modular Exponentiation
+	 * Perform Modular Exponentiation b^e mod n
+	 */
+	RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
+	/**< End of list */
+};
+
+/**
+ * Asymmetric crypto operation type variants
+ */
+enum rte_crypto_asym_op_type {
+	RTE_CRYPTO_ASYM_OP_ENCRYPT,
+	/**< Asymmetric Encrypt operation */
+	RTE_CRYPTO_ASYM_OP_DECRYPT,
+	/**< Asymmetric Decrypt operation */
+	RTE_CRYPTO_ASYM_OP_SIGN,
+	/**< Signature Generation operation */
+	RTE_CRYPTO_ASYM_OP_VERIFY,
+	/**< Signature Verification operation */
+	RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE,
+	/**< DH Private Key generation operation */
+	RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE,
+	/**< DH Public Key generation operation */
+	RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE,
+	/**< DH Shared Secret compute operation */
+	RTE_CRYPTO_ASYM_OP_LIST_END
+};
+
+/**
+ * Padding types for RSA signature.
+ */
+enum rte_crypto_rsa_padding_type {
+	RTE_CRYPTO_RSA_PADDING_NONE = 0,
+	/**< RSA no padding scheme */
+	RTE_CRYPTO_RSA_PKCS1_V1_5_BT0,
+	/**< RSA PKCS#1 V1.5 Block Type 0 padding scheme
+	 * as descibed in rfc2313
+	 */
+	RTE_CRYPTO_RSA_PKCS1_V1_5_BT1,
+	/**< RSA PKCS#1 V1.5 Block Type 01 padding scheme
+	 * as descibed in rfc2313
+	 */
+	RTE_CRYPTO_RSA_PKCS1_V1_5_BT2,
+	/**< RSA PKCS#1 V1.5 Block Type 02 padding scheme
+	 * as descibed in rfc2313
+	 */
+	RTE_CRYPTO_RSA_PADDING_OAEP,
+	/**< RSA PKCS#1 OAEP padding scheme */
+	RTE_CRYPTO_RSA_PADDING_PSS,
+	/**< RSA PKCS#1 PSS padding scheme */
+	RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
+};
+
+/**
+ * RSA private key type enumeration
+ *
+ * enumerates private key format required to perform RSA crypto
+ * transform.
+ *
+ */
+enum rte_crypto_rsa_priv_key_type {
+	RTE_RSA_KEY_TYPE_EXP,
+	/**< RSA private key is an exponent */
+	RTE_RSA_KET_TYPE_QT,
+	/**< RSA private key is in quintuple format
+	 * See rte_crypto_rsa_priv_key_qt
+	 */
+};
+
+/**
+ * Structure describing RSA private key in quintuple format.
+ * See PKCS V1.5 RSA Cryptography Standard.
+ */
+struct rte_crypto_rsa_priv_key_qt {
+	rte_crypto_param p;
+	/**< p - Private key component P
+	 * Private key component of RSA parameter  required for CRT method
+	 * of private key operations in Octet-string network byte order
+	 * format.
+	 */
+
+	rte_crypto_param q;
+	/**< q - Private key component Q
+	 * Private key component of RSA parameter  required for CRT method
+	 * of private key operations in Octet-string network byte order
+	 * format.
+	 */
+
+	rte_crypto_param dP;
+	/**< dP - Private CRT component
+	 * Private CRT component of RSA parameter  required for CRT method
+	 * RSA private key operations in Octet-string network byte order
+	 * format.
+	 * dP = d mod ( p - 1 )
+	 */
+
+	rte_crypto_param dQ;
+	/**< dQ - Private CRT component
+	 * Private CRT component of RSA parameter  required for CRT method
+	 * RSA private key operations in Octet-string network byte order
+	 * format.
+	 * dQ = d mod ( q - 1 )
+	 */
+
+	rte_crypto_param qInv;
+	/**< qInv - Private CRT component
+	 * Private CRT component of RSA parameter  required for CRT method
+	 * RSA private key operations in Octet-string network byte order
+	 * format.
+	 * qInv = inv q mod p
+	 */
+};
+
+/**
+ * Asymmetric RSA transform data
+ *
+ * Structure describing RSA xform params
+ *
+ */
+struct rte_crypto_rsa_xform {
+	rte_crypto_param n;
+	/**< n - Prime modulus
+	 * Prime modulus data of RSA operation in Octet-string network
+	 * byte order format.
+	 */
+
+	rte_crypto_param e;
+	/**< e - Public key exponent
+	 * Public key exponent used for RSA public key operations in Octet-
+	 * string network byte order format.
+	 */
+
+	enum rte_crypto_rsa_priv_key_type key_type;
+
+	union {
+			rte_crypto_param d;
+			/**< d - Private key exponent
+			 * Private key exponent used for RSA
+			 * private key operations in
+			 * Octet-string  network byte order format.
+			 */
+
+			struct rte_crypto_rsa_priv_key_qt qt;
+			/**< qt - Private key in quintuple format */
+	};
+};
+
+/**
+ * Asymmetric Modular exponentiation transform data
+ *
+ * Structure describing modular exponentation xform param
+ *
+ */
+struct rte_crypto_modex_xform {
+	rte_crypto_param modulus;
+	/**< modulus
+	 * Prime modulus of the modexp transform operation in octet-string
+	 * network byte order format.
+	 */
+
+	rte_crypto_param exponent;
+	/**< exponent
+	 * Private exponent of the modexp transform operation in
+	 * octet-string network byte order format.
+	 */
+};
+
+/**
+ * Asymmetric modular inverse transform operation
+ *
+ * Structure describing modulus inverse xform params
+ *
+ */
+struct rte_crypto_modinv_xform {
+	rte_crypto_param modulus;
+	/**<
+	 * Pointer to the prime modulus data for modular
+	 * inverse operation in octet-string network byte
+	 * order format.
+	 */
+};
+
+/**
+ * Asymmetric DH transform data
+ *
+ * Structure describing deffie-hellman xform params
+ *
+ */
+struct rte_crypto_dh_xform {
+	enum rte_crypto_asym_op_type type;
+	/**< Setup xform for key generate or shared secret compute */
+
+	rte_crypto_param p;
+	/**< p : Prime modulus data
+	 * DH prime modulous data in octet-string network byte order format.
+	 *
+	 */
+
+	rte_crypto_param g;
+	/**< g : Generator
+	 * DH group generator data in octet-string network byte order
+	 * format.
+	 *
+	 */
+};
+
+/**
+ * Asymmetric Digital Signature transform operation
+ *
+ * Structure describing DSA xform params
+ *
+ */
+struct rte_crypto_dsa_xform {
+	rte_crypto_param p;
+	/**< p - Prime modulus
+	 * Prime modulus data for DSA operation in Octet-string network byte
+	 * order format.
+	 */
+	rte_crypto_param q;
+	/**< q : Order of the subgroup.
+	 * Order of the subgroup data in Octet-string network byte order
+	 * format.
+	 * (p-1) % q = 0
+	 */
+	rte_crypto_param g;
+	/**< g: Generator of the subgroup
+	 * Generator  data in Octet-string network byte order format.
+	 */
+	rte_crypto_param x;
+	/**< x: Private key of the signer in octet-string network
+	 * byte order format.
+	 * Used when app has pre-defined private key.
+	 * Valid only when xform chain is DSA ONLY.
+	 * if xform chain is DH private key generate + DSA, then DSA sign
+	 * compute will use internally generated key.
+	 */
+};
+
+/**
+ * Operations params for modular operations:
+ * exponentiation and invert
+ *
+ */
+struct rte_crypto_mod_op_param {
+	rte_crypto_param base;
+	/**<
+	 * Pointer to base of modular exponentiation/inversion data in
+	 * Octet-string network byte order format.
+	 */
+};
+
+/**
+ * Asymmetric crypto transform data
+ *
+ * Structure describing asym xforms.
+ */
+struct rte_crypto_asym_xform {
+	struct rte_crypto_asym_xform *next;
+	/**< Pointer to next xform to set up xform chain.*/
+	enum rte_crypto_asym_xform_type xform_type;
+	/**< Asymmetric crypto transform */
+
+	__extension__
+	union {
+		struct rte_crypto_rsa_xform rsa;
+		/**< RSA xform parameters */
+
+		struct rte_crypto_modex_xform modex;
+		/**< Modular Exponentiation xform parameters */
+
+		struct rte_crypto_modinv_xform modinv;
+		/**< Modulus Inverse xform parameters */
+
+		struct rte_crypto_dh_xform dh;
+		/**< DH xform parameters */
+
+		struct rte_crypto_dsa_xform dsa;
+		/**< DSA xform parameters */
+	};
+};
+
+struct rte_cryptodev_asym_session;
+
+/**
+ * RSA operation params
+ *
+ */
+struct rte_crypto_rsa_op_param {
+	enum rte_crypto_asym_op_type op_type;
+	/**< Type of RSA operation for transform */;
+
+	rte_crypto_param message;
+	/**<
+	 * Pointer to data
+	 * - to be encrypted for RSA public encrypt.
+	 * - to be decrypted for RSA private decrypt.
+	 * - to be signed for RSA sign generation.
+	 * - to be authenticated for RSA sign verification.
+	 */
+
+	rte_crypto_param sign;
+	/**<
+	 * Pointer to RSA signature data. If operation is RSA
+	 * sign @ref RTE_CRYPTO_RSA_OP_SIGN, buffer will be
+	 * over-written with generated signature.
+	 *
+	 * Length of the signature data will be equal to the
+	 * RSA prime modulus length.
+	 */
+
+	enum rte_crypto_rsa_padding_type pad;
+	/**< RSA padding scheme to be used for transform */
+
+	enum rte_crypto_auth_algorithm md;
+	/**< Hash algorithm to be used for data hash if padding
+	 * scheme is either OAEP or PSS. Valid hash algorithms
+	 * are:
+	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+	 */
+
+	enum rte_crypto_auth_algorithm mgf1md;
+	/**<
+	 * Hash algorithm to be used for mask generation if
+	 * padding scheme is either OAEP or PSS. If padding
+	 * scheme is unspecified data hash algorithm is used
+	 * for mask generation. Valid hash algorithms are:
+	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+	 */
+};
+
+/**
+ * Deffie-Hellman Operations params.
+ * @note:
+ */
+struct rte_crypto_dh_op_param {
+	rte_crypto_param pub_key;
+	/**<
+	 * Output generated public key when xform type is
+	 * DH PUB_KEY_GENERATION.
+	 * Input peer public key when xform type is DH
+	 * SHARED_SECRET_COMPUTATION
+	 * pub_key is in octet-string network byte order format.
+	 *
+	 */
+
+	rte_crypto_param priv_key;
+	/**<
+	 * Output generated private key if xform type is
+	 * DH PRIVATE_KEY_GENERATION
+	 * Input when xform type is DH SHARED_SECRET_COMPUTATION.
+	 * priv_key is in octet-string network byte order format.
+	 *
+	 */
+
+	rte_crypto_param shared_secret;
+	/**<
+	 * Output with calculated shared secret
+	 * when dh xform set up with op type = SHARED_SECRET_COMPUTATION.
+	 * shared_secret is an octet-string network byte order format.
+	 *
+	 */
+};
+
+/**
+ * DSA Operations params
+ *
+ */
+struct rte_crypto_dsa_op_param {
+	enum rte_crypto_asym_op_type op_type;
+	/**< Signature Generation or Verification */
+	rte_crypto_param message;
+	/**< input message to be signed or verified */
+	rte_crypto_param r;
+	/**< dsa sign component 'r' value
+	 *
+	 * output if op_type = sign generate,
+	 * input if op_type = sign verify
+	 */
+	rte_crypto_param s;
+	/**< dsa sign component 's' value
+	 *
+	 * output if op_type = sign generate,
+	 * input if op_type = sign verify
+	 */
+	rte_crypto_param y;
+	/**< y : Public key of the signer.
+	 * Public key data of the signer in Octet-string network byte order
+	 * format.
+	 * y = g^x mod p
+	 */
+};
+
+/**
+ * Asymmetric Cryptographic Operation.
+ *
+ * Structure describing asymmetric crypto operation params.
+ *
+ */
+struct rte_crypto_asym_op {
+	struct rte_cryptodev_asym_session *session;
+	/**< Handle for the initialised session context */
+
+	__extension__
+	union {
+		struct rte_crypto_rsa_op_param rsa;
+		struct rte_crypto_mod_op_param modex;
+		struct rte_crypto_mod_op_param modinv;
+		struct rte_crypto_dh_op_param dh;
+		struct rte_crypto_dsa_op_param dsa;
+	};
+} __rte_cache_aligned;
+
+/**
+ * Reset the fields of an asymmetric operation to their default values.
+ *
+ * @param	op	The crypto operation to be reset.
+ */
+static inline void
+__rte_crypto_asym_op_reset(struct rte_crypto_asym_op *op)
+{
+	memset(op, 0, sizeof(*op));
+}
+
+/**
+ * Attach a session to an asymmetric crypto operation
+ *
+ * @param	asym_op	crypto operation
+ * @param	sess	cryptodev session
+ */
+static inline int
+__rte_crypto_op_attach_asym_session(struct rte_crypto_asym_op *asym_op,
+		struct rte_cryptodev_asym_session *sess)
+{
+	asym_op->session = sess;
+	return 0;
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _RTE_CRYPTO_ASYM_H_ */
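Review bot: The output members of the op structs (`sign` in `rte_crypto_rsa_op_param`, `pub_key`/`priv_key`/`shared_secret` in `rte_crypto_dh_op_param`, `r`/`s` in `rte_crypto_dsa_op_param`) are `rte_crypto_param` buffers that the device writes into, but the only size they carry is `length`, documented as `length of data in bytes`, so the header never says whether that is the caller's buffer capacity or the number of bytes produced. A driver therefore has no documented bound to check before writing a signature or key into caller memory; I would spell the contract out on the typedef, for example `/**< length of data in bytes; for output params: buffer capacity on enqueue, bytes written on completion */`, or whichever convention is actually intended. Two smaller things in the RSA part: `RTE_RSA_KET_TYPE_QT` looks like a typo for `RTE_RSA_KEY_TYPE_QT` and is cheaper to fix before the name ships, and `md`/`mgf1md` use `enum rte_crypto_auth_algorithm` although none of the five headers included at the top visibly declares it, so `#include "rte_crypto_sym.h"` (where I believe that enum lives) may be needed for the header to compile on its own. The comments on `n` in `rte_crypto_rsa_xform` and on `modulus` in the modex xform also call the modulus prime, which an RSA modulus is not (n = p*q); `/**< n - Modulus` would be accurate.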