From patchwork Fri Aug 11 17:39:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 130187 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1F38A43036; Fri, 11 Aug 2023 19:39:51 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 10E7240E03; Fri, 11 Aug 2023 19:39:51 +0200 (CEST) Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.88]) by mails.dpdk.org (Postfix) with ESMTP id ECDC840144 for ; Fri, 11 Aug 2023 19:39:49 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1691775590; x=1723311590; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=Xj6muG1ZOhBd8UrYoRVPAB1y7mFiDydzTxSzNi9XxYQ=; b=bxVR8re8n7TchbhbODzNPLy8rgA5ahcvgw5E/aqgyqpHoa1vlLoBhFd8 haJBkRlyuZyONTKOaHPvIvz7yjQKJB7gBGTcq+74OxjV+GUxf9prnVOpH p6sAZ6tMDwiiNo8bOt8B7GHK4/qBA2lqXVM5/5gWfVhsYlG1OKtTlt1rK q7rAXA/egqXDmFNbTiXMRunPh80o9GwebDx0RlCKma1+YSqOAYVmfvE11 bWNI45TzI5xYS3tKHkKyv2qo0nCfr2nBdlqhRBN/HE9ZFv1JEGjCTvopb BQSoxJ8Z4aU1CJn9w4Db6O17eSG3niYrux+Ico34t3XrnqeByrS7WV+FO A==; X-IronPort-AV: E=McAfee;i="6600,9927,10799"; a="402701965" X-IronPort-AV: E=Sophos;i="6.01,166,1684825200"; d="scan'208";a="402701965" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Aug 2023 10:39:48 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10799"; a="735854030" X-IronPort-AV: E=Sophos;i="6.01,166,1684825200"; d="scan'208";a="735854030" Received: from silpixa00400465.ir.intel.com ([10.55.129.105]) by fmsmga007.fm.intel.com with ESMTP; 11 Aug 2023 10:39:47 -0700 From: Arkadiusz Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, kai.ji@intel.com, ciara.power@intel.com, Arkadiusz Kusztal Subject: [RFC] cryptodev: refactor sm2, add plain message flag Date: Fri, 11 Aug 2023 17:39:44 +0000 Message-Id: <20230811173944.2550303-1-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org SM2 asymmetric crypto operation was split into cipher and signature operation. Now it corresponds to the other crypto algorithms and facilitates addition of other SM2 components like the SM2 key exchange. Flag to distinguish between a plain message or a hash used for signature was added to the DSA, ECDSA and SM2. Signed-off-by: Arkadiusz Kusztal --- lib/cryptodev/rte_crypto_asym.h | 116 +++++++++++++++++--------------- 1 file changed, 63 insertions(+), 53 deletions(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 8b5794fb7c..43bdb392c5 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -54,6 +54,7 @@ rte_crypto_asym_op_strings[]; * and if the flag is not set, shared secret will be padded to the left with * zeros to the size of the underlying algorithm (default) */ +#define RTE_CRYPTO_ASYM_FLAG_PLAIN_INPUT RTE_BIT32(2) /** * List of elliptic curves. This enum aligns with @@ -379,16 +380,6 @@ struct rte_crypto_ec_xform { /**< Pre-defined ec groups */ }; -/** - * Asymmetric SM2 transform data. - * - * Structure describing SM2 xform params. - */ -struct rte_crypto_sm2_xform { - enum rte_crypto_auth_algorithm hash; - /**< Hash algorithm used in SM2 op. */ -}; - /** * Operations params for modular operations: * exponentiation and multiplicative inverse @@ -540,7 +531,12 @@ struct rte_crypto_dsa_op_param { enum rte_crypto_asym_op_type op_type; /**< Signature Generation or Verification */ rte_crypto_param message; - /**< input message to be signed or verified */ + /**< + * Pointer to the input data + * In case RTE_CRYPTO_ASYM_FLAG_PLAIN_INPUT flag is set in the op flags field, + * it is a message to be signed by the PMD. + * Otherwise, it is a message hash. + */ rte_crypto_uint k; /**< Per-message secret number, which is an integer * in the interval (1, q-1). @@ -579,7 +575,12 @@ struct rte_crypto_ecdsa_op_param { /**< Public key of the signer for verification */ rte_crypto_param message; - /**< Input message digest to be signed or verified */ + /**< + * Pointer to the input data + * In case RTE_CRYPTO_ASYM_FLAG_PLAIN_INPUT flag is set in the op flags field, + * it is a message to be signed by the PMD. + * Otherwise, it is a message hash. + */ rte_crypto_uint k; /**< The ECDSA per-message secret number, which is an integer @@ -652,52 +653,20 @@ struct rte_crypto_asym_xform { }; }; -/** - * SM2 operation params. - */ -struct rte_crypto_sm2_op_param { +struct rte_crypto_sm2_signature { enum rte_crypto_asym_op_type op_type; /**< Signature generation or verification. */ - - rte_crypto_uint pkey; - /**< Private key for encryption or sign generation. */ - - struct rte_crypto_ec_point q; - /**< Public key for decryption or verification. */ - rte_crypto_param message; /**< - * Pointer to input data - * - to be encrypted for SM2 public encrypt. - * - to be signed for SM2 sign generation. - * - to be authenticated for SM2 sign verification. - * - * Pointer to output data - * - for SM2 private decrypt. - * In this case the underlying array should have been - * allocated with enough memory to hold plaintext output - * (at least encrypted text length). The message.length field - * will be overwritten by the PMD with the decrypted length. - */ - - rte_crypto_param cipher; - /**< - * Pointer to input data - * - to be decrypted for SM2 private decrypt. - * - * Pointer to output data - * - for SM2 public encrypt. - * In this case the underlying array should have been allocated - * with enough memory to hold ciphertext output (at least X bytes - * for prime field curve of N bytes and for message M bytes, - * where X = (C1 || C2 || C3) and computed based on SM2 RFC as - * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will - * be overwritten by the PMD with the encrypted length. + * Pointer to the input data + * In case RTE_CRYPTO_ASYM_FLAG_PLAIN_INPUT flag is set in the op flags field, + * it is a message to be signed by the PMD. + * Otherwise, it is a message hash. */ - rte_crypto_uint id; - /**< The SM2 id used by signer and verifier. */ - + /**< The SM2 id used by signer and verifier. + * In case RTE_CRYPTO_ASYM_FLAG_PLAIN_INPUT flag is set this field is unused. + */ rte_crypto_uint k; /**< The SM2 per-message secret number, which is an integer * in the interval (1, n-1). @@ -719,6 +688,46 @@ struct rte_crypto_sm2_op_param { */ }; +struct rte_crypto_sm2_cipher { + enum rte_crypto_asym_op_type op_type; + /**< Ecryption or decryption. */ + rte_crypto_param message; + /**< + * Pointer to input data + * - to be encrypted for SM2 public encrypt. * + * Pointer to output data + * - for SM2 private decrypt. + */ + rte_crypto_param cipher; + /**< + * Pointer to input data + * - to be decrypted for SM2 private decrypt. + * + * Pointer to output data + * - for SM2 public encrypt. + */ + rte_crypto_uint k; + /**< The SM2 per-message secret number, which is an integer + * in the interval (1, n-1). + * If the random number is generated by the PMD, + * the 'rte_crypto_param.data' parameter should be set to NULL. + */ +}; + +/* + * Asymmetric SM2 transform data. + * + * Structure describing SM2 xform params. + */ +struct rte_crypto_sm2_xform { + enum rte_crypto_auth_algorithm hash; + /**< Hash algorithm used in SM2 op. */ + rte_crypto_uint dA; + /**< Private key. */ + struct rte_crypto_ec_point PA; + /**< Public key. */ +}; + /** * Asymmetric Cryptographic Operation. * @@ -743,7 +752,8 @@ struct rte_crypto_asym_op { struct rte_crypto_dsa_op_param dsa; struct rte_crypto_ecdsa_op_param ecdsa; struct rte_crypto_ecpm_op_param ecpm; - struct rte_crypto_sm2_op_param sm2; + struct rte_crypto_sm2_signature sm2_signature; + struct rte_crypto_sm2_cipher sm2_cipher; }; uint16_t flags; /**<