From patchwork Fri Feb 11 16:02:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 107376 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8C904A0032; Fri, 11 Feb 2022 18:09:21 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id F14C94114A; Fri, 11 Feb 2022 18:09:16 +0100 (CET) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mails.dpdk.org (Postfix) with ESMTP id E6DA340042 for ; Fri, 11 Feb 2022 18:09:14 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644599355; x=1676135355; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=60/E8/0TYBJDJeNoRk1d/4/9Mva6pGYTJEcyuwZJPtI=; b=M8J/zybuPBkT9phcwR3xrx6vi0XdwgBo5YD+WvXftKG1LfQncIsBH7dv w1WfgwABvPfDCXr1Xkv070MdESDiCVkaY/sXUYve/ZzwEl6MVFFz4Zb4g buRi0POYtUyP7bvFCaIqsAj4ELfj5yfpWFIdF03VEl63zsBU1PppBR2D2 mY0XQKmQ2s1gW6+rryfLbhyudkt3bCGvF23IawRUSFauHrdrh64a1DFzx 4R+c/dtC7VqSE18ihZL9w2UipfSkOTP86PeIs7p9qaftv3Lxdt2fAiXUM Pq6mmonYdB/C+UBb+jegizdYwoVKpeztgTCS5LCiD667w8WOtZWu2GGlI A==; X-IronPort-AV: E=McAfee;i="6200,9189,10255"; a="247360849" X-IronPort-AV: E=Sophos;i="5.88,361,1635231600"; d="scan'208";a="247360849" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Feb 2022 09:07:51 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,361,1635231600"; d="scan'208";a="488241701" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by orsmga006.jf.intel.com with ESMTP; 11 Feb 2022 09:07:50 -0800 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v3 1/4] crypto: add dsa random number k Date: Fri, 11 Feb 2022 16:02:35 +0000 Message-Id: <20220211160238.90065-2-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220211160238.90065-1-arkadiuszx.kusztal@intel.com> References: <20220211160238.90065-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org This commit adds random number 'k' to dsa op param struct. This parameter is crucial in stiuations where: - PMD cannot generate random number - User would like to provide random source Additionally, it makes DSA consistent with ECDSA in terms of 'k' which includes this parameter. Signed-off-by: Arek Kusztal --- devtools/libabigail.abignore | 5 +++++ lib/cryptodev/rte_crypto_asym.h | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/devtools/libabigail.abignore b/devtools/libabigail.abignore index 4b676f317d..4463df9dd6 100644 --- a/devtools/libabigail.abignore +++ b/devtools/libabigail.abignore @@ -11,3 +11,8 @@ ; Ignore generated PMD information strings [suppress_variable] name_regexp = _pmd_info$ + +; Ignore changes to rte_crypto_asym_op, asymmetric crypto API +; is experimental +[suppress_type] + name = rte_crypto_asym_op \ No newline at end of file diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 9c866f553f..e0def3d9ab 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -547,6 +547,10 @@ struct rte_crypto_dsa_op_param { /**< Signature Generation or Verification */ rte_crypto_param message; /**< input message to be signed or verified */ + rte_crypto_param k; + /**< Per-message secret number, which is an integer + * in the interval (1, q-1) + */ rte_crypto_param r; /**< dsa sign component 'r' value * From patchwork Fri Feb 11 16:02:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 107377 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 065DEA0032; Fri, 11 Feb 2022 18:09:27 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D659541155; Fri, 11 Feb 2022 18:09:17 +0100 (CET) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mails.dpdk.org (Postfix) with ESMTP id E6DE640042 for ; Fri, 11 Feb 2022 18:09:15 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644599356; x=1676135356; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=RCvSh6Vh0ID0fjkpISwpV4iNudlFIy/XIzXM4kpZuME=; b=MCtSrS74kNC2fNdQnIvQYzY4ufvPfoZ17WFtUIz/dTzpXiMq87JCRaHH Xaz38MU2ph5VjvkagDPTfGAasbbrHmQolOjRek8Un4yQtfpPJvitnBfm7 aOWcR6Em/GSUPbbILp9yb7bCy+80hRYq60CnzU61wZHM+GslSgQRDzdbT LIr2hVcGrfELLEQ5KZbfimvLg7Mm0N87E107spkvKPCWba53LnlCdjO7R aJZg+O7YGeD/oPj5ci5g7OgmtwQod2zUNkcfOOO500uFXtqwpaGJKwzSO Vy19iebyyDaPDScko9H/mgaL3ynRIh10RjLiOBM3sGrT2E/BxVko/u2XX g==; X-IronPort-AV: E=McAfee;i="6200,9189,10255"; a="247360854" X-IronPort-AV: E=Sophos;i="5.88,361,1635231600"; d="scan'208";a="247360854" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Feb 2022 09:07:53 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,361,1635231600"; d="scan'208";a="488241803" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by orsmga006.jf.intel.com with ESMTP; 11 Feb 2022 09:07:52 -0800 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v3 2/4] crypto: clarify usage of random numbers in asym Date: Fri, 11 Feb 2022 16:02:36 +0000 Message-Id: <20220211160238.90065-3-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220211160238.90065-1-arkadiuszx.kusztal@intel.com> References: <20220211160238.90065-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org This commit clarifies usage of random numbers in asymmetric crypto API. The user is now allowed to provide information to the PMD if random number should be generated or should be read from user input. If PMD does not support random number generation user should always provide it, if PMD does not support user random, rte_crypto_param.data accordingly should be set to NULL. Signed-off-by: Arek Kusztal --- lib/cryptodev/rte_crypto_asym.h | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index e0def3d9ab..58d47158de 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -33,6 +33,11 @@ extern "C" { * These buffers can be used for both input to PMD and output from PMD. When * used for output from PMD, application has to ensure the buffer is large * enough to hold the target data. + * + * If an operation requires the PMD to generate a random number, + * and the device supports CSRNG, 'data' should be set to NULL. + * The crypto parameter in question will not be used by the PMD, + * as it is internally generated. */ typedef struct rte_crypto_param_t { uint8_t *data; @@ -549,7 +554,9 @@ struct rte_crypto_dsa_op_param { /**< input message to be signed or verified */ rte_crypto_param k; /**< Per-message secret number, which is an integer - * in the interval (1, q-1) + * in the interval (1, q-1). + * If the random number is generated by the PMD, + * the 'rte_crypto_param.data' parameter should be set to NULL. */ rte_crypto_param r; /**< dsa sign component 'r' value @@ -589,7 +596,9 @@ struct rte_crypto_ecdsa_op_param { rte_crypto_param k; /**< The ECDSA per-message secret number, which is an integer - * in the interval (1, n-1) + * in the interval (1, n-1). + * If the random number is generated by the PMD, + * the 'rte_crypto_param.data' parameter should be set to NULL. */ rte_crypto_param r; From patchwork Fri Feb 11 16:02:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 107378 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 34646A0032; Fri, 11 Feb 2022 18:09:32 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C05664115E; Fri, 11 Feb 2022 18:09:19 +0100 (CET) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mails.dpdk.org (Postfix) with ESMTP id 2426940140 for ; Fri, 11 Feb 2022 18:09:15 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644599356; x=1676135356; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=5eAiOABhu/8hk3a3VIlzVoil5G7oNOJ5ve19ZDXPMtg=; b=dNGNj4296VXomqKlxaXVG9hm7ysW/yC1ftL2qk+UCyULgJCiBdsSjZQy o6BitvLTcSQQRX6ldVoBQM0UqTTWVH2ESNJltCMdeuP9OcY5wch1muhuv Xh979DuEjvmq474m9iJi84Y3FOhSugdEXac5WTzZkwGGQz5oZ/JiCb21Y 1j7bUNJ42swRw0mJ1dOgTPXz9bV10hukRwvVnWs+DT+uC4EiCKJGEYqiU mkXqqRTJM5/6Jyv9FNGuh8UILnv8/dzUkP9M5CSVEJCOjhYyme0DKquyj aEIayXwU7Tad+IeDRPlnSJxGdq1FYgdfmfAJfFQ9hN9LkMw9sK4efnQDp w==; X-IronPort-AV: E=McAfee;i="6200,9189,10255"; a="247360859" X-IronPort-AV: E=Sophos;i="5.88,361,1635231600"; d="scan'208";a="247360859" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Feb 2022 09:07:56 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,361,1635231600"; d="scan'208";a="488241898" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by orsmga006.jf.intel.com with ESMTP; 11 Feb 2022 09:07:54 -0800 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v3 3/4] crypto: use rte macro instead of direct attribute Date: Fri, 11 Feb 2022 16:02:37 +0000 Message-Id: <20220211160238.90065-4-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220211160238.90065-1-arkadiuszx.kusztal@intel.com> References: <20220211160238.90065-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org This commit replaces __extension__ attribute with RTE_STD_C11 in anonymous unions. It makes API consistent in terms of usage of C11 feature macro. Signed-off-by: Arek Kusztal --- lib/cryptodev/rte_crypto_asym.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 58d47158de..7bdc847702 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -222,7 +222,7 @@ struct rte_crypto_rsa_xform { enum rte_crypto_rsa_priv_key_type key_type; - __extension__ + RTE_STD_C11 union { rte_crypto_param d; /**< d - Private key exponent @@ -408,7 +408,7 @@ struct rte_crypto_asym_xform { enum rte_crypto_asym_xform_type xform_type; /**< Asymmetric crypto transform */ - __extension__ + RTE_STD_C11 union { struct rte_crypto_rsa_xform rsa; /**< RSA xform parameters */ @@ -642,7 +642,7 @@ struct rte_crypto_asym_op { /**< Session-less API crypto operation parameters */ }; - __extension__ + RTE_STD_C11 union { struct rte_crypto_rsa_op_param rsa; struct rte_crypto_mod_op_param modex; From patchwork Fri Feb 11 16:02:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 107379 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0C444A0032; Fri, 11 Feb 2022 18:09:37 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 962864116A; Fri, 11 Feb 2022 18:09:20 +0100 (CET) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mails.dpdk.org (Postfix) with ESMTP id C170940042 for ; Fri, 11 Feb 2022 18:09:16 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1644599357; x=1676135357; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=cpxciSPO8Yey/SBba5luRkCIdoSjh+nVhX9g9QtZtSk=; b=RLM2J5zgxnWG3tbkzqHSSPKR/TO2l8H7BDs6YHhn5rkUo3cnpvx+iKpO UZL2rBoXd9RE7Jm+/n8yj2fdjzVPO+5M9rVIgYtRyPl9ajaQ2fXxVGa99 ytiKyXbPmnWNxo5l7Utc5mNiD9G5E4bea2ETZqP4RQ/B17vpqT86Hi6ad lAGA3GV7S7RwruvseI0cvzixECJ6XbwdD8OsAfnqyv6nj2JOlaE78whJg YBglxAb+Wz79CMLVjNx3GlJRLrH8e5ygokEnLogC6Td6Cx3flzN1Q+e8i 3/b4088wzf6Y5Lo1MT9pQe1G2o1OGJIO88koAkgGa8zT98b1IoMBKK6EL w==; X-IronPort-AV: E=McAfee;i="6200,9189,10255"; a="247360866" X-IronPort-AV: E=Sophos;i="5.88,361,1635231600"; d="scan'208";a="247360866" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Feb 2022 09:07:58 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,361,1635231600"; d="scan'208";a="488241983" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by orsmga006.jf.intel.com with ESMTP; 11 Feb 2022 09:07:56 -0800 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v3 4/4] crypto: reorganize endianness comments, add crypto uint Date: Fri, 11 Feb 2022 16:02:38 +0000 Message-Id: <20220211160238.90065-5-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220211160238.90065-1-arkadiuszx.kusztal@intel.com> References: <20220211160238.90065-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org This patch adds crypto uint typedef so adding comment about byte-order becomes unnecessary. It makes API comments more tidy, and more consistent with other asymmetric crypto APIs. Additionally it reorganizes code that enums, externs and forward declarations are moved to the top of the header file making code more readable. It removes also comments like co-prime constraint from mod inv as it is natural mathematical constraint, not PMD constraint. Signed-off-by: Arek Kusztal --- lib/cryptodev/rte_crypto_asym.h | 356 +++++++++++++++------------------------- 1 file changed, 131 insertions(+), 225 deletions(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 7bdc847702..2eb0f001e3 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -27,26 +27,7 @@ extern "C" { #include "rte_crypto_sym.h" -/** - * Buffer to hold crypto params required for asym operations. - * - * These buffers can be used for both input to PMD and output from PMD. When - * used for output from PMD, application has to ensure the buffer is large - * enough to hold the target data. - * - * If an operation requires the PMD to generate a random number, - * and the device supports CSRNG, 'data' should be set to NULL. - * The crypto parameter in question will not be used by the PMD, - * as it is internally generated. - */ -typedef struct rte_crypto_param_t { - uint8_t *data; - /**< pointer to buffer holding data */ - rte_iova_t iova; - /**< IO address of data buffer */ - size_t length; - /**< length of data in bytes */ -} rte_crypto_param; +struct rte_cryptodev_asym_session; /** asym xform type name strings */ extern const char * @@ -57,6 +38,19 @@ extern const char * rte_crypto_asym_op_strings[]; /** + * TLS named curves + * https://tools.ietf.org/html/rfc8422 + */ +enum rte_crypto_ec_group { + RTE_CRYPTO_EC_GROUP_UNKNOWN = 0, + RTE_CRYPTO_EC_GROUP_SECP192R1 = 19, + RTE_CRYPTO_EC_GROUP_SECP224R1 = 21, + RTE_CRYPTO_EC_GROUP_SECP256R1 = 23, + RTE_CRYPTO_EC_GROUP_SECP384R1 = 24, + RTE_CRYPTO_EC_GROUP_SECP521R1 = 25, +}; + +/** * Asymmetric crypto transformation types. * Each xform type maps to one asymmetric algorithm * performing specific operation @@ -158,47 +152,54 @@ enum rte_crypto_rsa_priv_key_type { }; /** - * Structure describing RSA private key in quintuple format. - * See PKCS V1.5 RSA Cryptography Standard. + * Buffer to hold crypto params required for asym operations. + * + * These buffers can be used for both input to PMD and output from PMD. When + * used for output from PMD, application has to ensure the buffer is large + * enough to hold the target data. + * + * If an operation requires the PMD to generate a random number, + * and the device supports CSRNG, 'data' should be set to NULL. + * The crypto parameter in question will not be used by the PMD, + * as it is internally generated. */ -struct rte_crypto_rsa_priv_key_qt { - rte_crypto_param p; - /**< p - Private key component P - * Private key component of RSA parameter required for CRT method - * of private key operations in Octet-string network byte order - * format. - */ - - rte_crypto_param q; - /**< q - Private key component Q - * Private key component of RSA parameter required for CRT method - * of private key operations in Octet-string network byte order - * format. - */ +typedef struct rte_crypto_param_t { + uint8_t *data; + /**< pointer to buffer holding data */ + rte_iova_t iova; + /**< IO address of data buffer */ + size_t length; + /**< length of data in bytes */ +} rte_crypto_param; - rte_crypto_param dP; - /**< dP - Private CRT component - * Private CRT component of RSA parameter required for CRT method - * RSA private key operations in Octet-string network byte order - * format. - * dP = d mod ( p - 1 ) - */ +/** Unsigned big-integer in big-endian format */ +typedef rte_crypto_param rte_crypto_uint; - rte_crypto_param dQ; - /**< dQ - Private CRT component - * Private CRT component of RSA parameter required for CRT method - * RSA private key operations in Octet-string network byte order - * format. - * dQ = d mod ( q - 1 ) - */ +/** + * Structure for elliptic curve point + */ +struct rte_crypto_ec_point { + rte_crypto_param x; + /**< X coordinate */ + rte_crypto_param y; + /**< Y coordinate */ +}; - rte_crypto_param qInv; - /**< qInv - Private CRT component - * Private CRT component of RSA parameter required for CRT method - * RSA private key operations in Octet-string network byte order - * format. - * qInv = inv q mod p - */ +/** + * Structure describing RSA private key in quintuple format. + * See PKCS V1.5 RSA Cryptography Standard. + */ +struct rte_crypto_rsa_priv_key_qt { + rte_crypto_uint p; + /**< the first factor */ + rte_crypto_uint q; + /**< the second factor */ + rte_crypto_uint dP; + /**< the first factor's CRT exponent */ + rte_crypto_uint dQ; + /**< the second's factor's CRT exponent */ + rte_crypto_uint qInv; + /**< the CRT coefficient */ }; /** @@ -208,29 +209,17 @@ struct rte_crypto_rsa_priv_key_qt { * */ struct rte_crypto_rsa_xform { - rte_crypto_param n; - /**< n - Modulus - * Modulus data of RSA operation in Octet-string network - * byte order format. - */ - - rte_crypto_param e; - /**< e - Public key exponent - * Public key exponent used for RSA public key operations in Octet- - * string network byte order format. - */ + rte_crypto_uint n; + /**< the RSA modulus */ + rte_crypto_uint e; + /**< the RSA public exponent */ enum rte_crypto_rsa_priv_key_type key_type; RTE_STD_C11 union { - rte_crypto_param d; - /**< d - Private key exponent - * Private key exponent used for RSA - * private key operations in - * Octet-string network byte order format. - */ - + rte_crypto_uint d; + /**< the RSA private exponent */ struct rte_crypto_rsa_priv_key_qt qt; /**< qt - Private key in quintuple format */ }; @@ -243,20 +232,10 @@ struct rte_crypto_rsa_xform { * */ struct rte_crypto_modex_xform { - rte_crypto_param modulus; - /**< modulus - * Pointer to the modulus data for modexp transform operation - * in octet-string network byte order format - * - * In case this number is equal to zero the driver shall set - * the crypto op status field to RTE_CRYPTO_OP_STATUS_ERROR - */ - - rte_crypto_param exponent; - /**< exponent - * Exponent of the modexp transform operation in - * octet-string network byte order format - */ + rte_crypto_uint modulus; + /**< Modulus data for modexp transform operation */ + rte_crypto_uint exponent; + /**< Exponent of the modexp transform operation */ }; /** @@ -266,18 +245,8 @@ struct rte_crypto_modex_xform { * */ struct rte_crypto_modinv_xform { - rte_crypto_param modulus; - /**< - * Pointer to the modulus data for modular multiplicative inverse - * operation in octet-string network byte order format - * - * In case this number is equal to zero the driver shall set - * the crypto op status field to RTE_CRYPTO_OP_STATUS_ERROR - * - * This number shall be relatively prime to base - * in corresponding Modular Multiplicative Inverse - * rte_crypto_mod_op_param - */ + rte_crypto_uint modulus; + /**< Modulus data for modular multiplicative inverse operation */ }; /** @@ -289,19 +258,10 @@ struct rte_crypto_modinv_xform { struct rte_crypto_dh_xform { enum rte_crypto_asym_op_type type; /**< Setup xform for key generate or shared secret compute */ - - rte_crypto_param p; - /**< p : Prime modulus data - * DH prime modulus data in octet-string network byte order format. - * - */ - - rte_crypto_param g; - /**< g : Generator - * DH group generator data in octet-string network byte order - * format. - * - */ + rte_crypto_uint p; + /**< Prime modulus data */ + rte_crypto_uint g; + /**< DH Generator */ }; /** @@ -311,22 +271,13 @@ struct rte_crypto_dh_xform { * */ struct rte_crypto_dsa_xform { - rte_crypto_param p; - /**< p - Prime modulus - * Prime modulus data for DSA operation in Octet-string network byte - * order format. - */ - rte_crypto_param q; - /**< q : Order of the subgroup. - * Order of the subgroup data in Octet-string network byte order - * format. - * (p-1) % q = 0 - */ - rte_crypto_param g; - /**< g: Generator of the subgroup - * Generator data in Octet-string network byte order format. - */ - rte_crypto_param x; + rte_crypto_uint p; + /**< Prime modulus */ + rte_crypto_uint q; + /**< Order of the subgroup */ + rte_crypto_uint g; + /**< Generator of the subgroup */ + rte_crypto_uint x; /**< x: Private key of the signer in octet-string network * byte order format. * Used when app has pre-defined private key. @@ -337,29 +288,6 @@ struct rte_crypto_dsa_xform { }; /** - * TLS named curves - * https://tools.ietf.org/html/rfc8422 - */ -enum rte_crypto_ec_group { - RTE_CRYPTO_EC_GROUP_UNKNOWN = 0, - RTE_CRYPTO_EC_GROUP_SECP192R1 = 19, - RTE_CRYPTO_EC_GROUP_SECP224R1 = 21, - RTE_CRYPTO_EC_GROUP_SECP256R1 = 23, - RTE_CRYPTO_EC_GROUP_SECP384R1 = 24, - RTE_CRYPTO_EC_GROUP_SECP521R1 = 25, -}; - -/** - * Structure for elliptic curve point - */ -struct rte_crypto_ec_point { - rte_crypto_param x; - /**< X coordinate */ - rte_crypto_param y; - /**< Y coordinate */ -}; - -/** * Asymmetric elliptic curve transform data * * Structure describing all EC based xform params @@ -376,65 +304,13 @@ struct rte_crypto_ec_xform { * */ struct rte_crypto_mod_op_param { - rte_crypto_param base; - /**< - * Pointer to base of modular exponentiation/multiplicative - * inverse data in octet-string network byte order format - * - * In case Multiplicative Inverse is used this number shall - * be relatively prime to modulus in corresponding Modular - * Multiplicative Inverse rte_crypto_modinv_xform - */ - - rte_crypto_param result; - /**< - * Pointer to the result of modular exponentiation/multiplicative inverse - * data in octet-string network byte order format. - * - * This field shall be big enough to hold the result of Modular - * Exponentiation or Modular Multiplicative Inverse - * (bigger or equal to length of modulus) - */ + rte_crypto_uint base; + /** Base of modular exponentiation/multiplicative inverse */ + rte_crypto_uint result; + /** Result of modular exponentiation/multiplicative inverse */ }; /** - * Asymmetric crypto transform data - * - * Structure describing asym xforms. - */ -struct rte_crypto_asym_xform { - struct rte_crypto_asym_xform *next; - /**< Pointer to next xform to set up xform chain.*/ - enum rte_crypto_asym_xform_type xform_type; - /**< Asymmetric crypto transform */ - - RTE_STD_C11 - union { - struct rte_crypto_rsa_xform rsa; - /**< RSA xform parameters */ - - struct rte_crypto_modex_xform modex; - /**< Modular Exponentiation xform parameters */ - - struct rte_crypto_modinv_xform modinv; - /**< Modular Multiplicative Inverse xform parameters */ - - struct rte_crypto_dh_xform dh; - /**< DH xform parameters */ - - struct rte_crypto_dsa_xform dsa; - /**< DSA xform parameters */ - - struct rte_crypto_ec_xform ec; - /**< EC xform parameters, used by elliptic curve based - * operations. - */ - }; -}; - -struct rte_cryptodev_asym_session; - -/** * RSA operation params * */ @@ -515,30 +391,27 @@ struct rte_crypto_rsa_op_param { * @note: */ struct rte_crypto_dh_op_param { - rte_crypto_param pub_key; + rte_crypto_uint pub_key; /**< * Output generated public key when xform type is * DH PUB_KEY_GENERATION. * Input peer public key when xform type is DH * SHARED_SECRET_COMPUTATION - * pub_key is in octet-string network byte order format. * */ - rte_crypto_param priv_key; + rte_crypto_uint priv_key; /**< * Output generated private key if xform type is * DH PRIVATE_KEY_GENERATION * Input when xform type is DH SHARED_SECRET_COMPUTATION. - * priv_key is in octet-string network byte order format. * */ - rte_crypto_param shared_secret; + rte_crypto_uint shared_secret; /**< * Output with calculated shared secret * when dh xform set up with op type = SHARED_SECRET_COMPUTATION. - * shared_secret is an octet-string network byte order format. * */ }; @@ -552,28 +425,26 @@ struct rte_crypto_dsa_op_param { /**< Signature Generation or Verification */ rte_crypto_param message; /**< input message to be signed or verified */ - rte_crypto_param k; + rte_crypto_uint k; /**< Per-message secret number, which is an integer * in the interval (1, q-1). * If the random number is generated by the PMD, * the 'rte_crypto_param.data' parameter should be set to NULL. */ - rte_crypto_param r; + rte_crypto_uint r; /**< dsa sign component 'r' value * * output if op_type = sign generate, * input if op_type = sign verify */ - rte_crypto_param s; + rte_crypto_uint s; /**< dsa sign component 's' value * * output if op_type = sign generate, * input if op_type = sign verify */ - rte_crypto_param y; + rte_crypto_uint y; /**< y : Public key of the signer. - * Public key data of the signer in Octet-string network byte order - * format. * y = g^x mod p */ }; @@ -585,7 +456,7 @@ struct rte_crypto_ecdsa_op_param { enum rte_crypto_asym_op_type op_type; /**< Signature generation or verification */ - rte_crypto_param pkey; + rte_crypto_uint pkey; /**< Private key of the signer for signature generation */ struct rte_crypto_ec_point q; @@ -594,19 +465,19 @@ struct rte_crypto_ecdsa_op_param { rte_crypto_param message; /**< Input message digest to be signed or verified */ - rte_crypto_param k; + rte_crypto_uint k; /**< The ECDSA per-message secret number, which is an integer * in the interval (1, n-1). * If the random number is generated by the PMD, * the 'rte_crypto_param.data' parameter should be set to NULL. */ - rte_crypto_param r; + rte_crypto_uint r; /**< r component of elliptic curve signature * output : for signature generation * input : for signature verification */ - rte_crypto_param s; + rte_crypto_uint s; /**< s component of elliptic curve signature * output : for signature generation * input : for signature verification @@ -628,6 +499,41 @@ struct rte_crypto_ecpm_op_param { }; /** + * Asymmetric crypto transform data + * + * Structure describing asym xforms. + */ +struct rte_crypto_asym_xform { + struct rte_crypto_asym_xform *next; + /**< Pointer to next xform to set up xform chain.*/ + enum rte_crypto_asym_xform_type xform_type; + /**< Asymmetric crypto transform */ + + RTE_STD_C11 + union { + struct rte_crypto_rsa_xform rsa; + /**< RSA xform parameters */ + + struct rte_crypto_modex_xform modex; + /**< Modular Exponentiation xform parameters */ + + struct rte_crypto_modinv_xform modinv; + /**< Modular Multiplicative Inverse xform parameters */ + + struct rte_crypto_dh_xform dh; + /**< DH xform parameters */ + + struct rte_crypto_dsa_xform dsa; + /**< DSA xform parameters */ + + struct rte_crypto_ec_xform ec; + /**< EC xform parameters, used by elliptic curve based + * operations. + */ + }; +}; + +/** * Asymmetric Cryptographic Operation. * * Structure describing asymmetric crypto operation params.