diff mbox series

[04/40] cryptodev: reduce number of comments in asym xform

Message ID	20220520055445.40063-5-arkadiuszx.kusztal@intel.com (mailing list archive)
State	Changes Requested, archived
Delegated to:	akhil goyal
Headers	From: Arek Kusztal <arkadiuszx.kusztal@intel.com> To: dev@dpdk.org Cc: gakhil@marvell.com, anoobj@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal <arkadiuszx.kusztal@intel.com> Subject: [PATCH 04/40] cryptodev: reduce number of comments in asym xform Date: Fri, 20 May 2022 06:54:09 +0100 Message-Id: <20220520055445.40063-5-arkadiuszx.kusztal@intel.com> In-Reply-To: <20220520055445.40063-1-arkadiuszx.kusztal@intel.com> References: <20220520055445.40063-1-arkadiuszx.kusztal@intel.com> Precedence: list Errors-To: dev-bounces@dpdk.org
Series	cryptodev: rsa, dh, ecdh changes \| [00/40] cryptodev: rsa, dh, ecdh changes [01/40] cryptodev: redefine ec group enum [02/40] cryptodev: remove list end enumerators [03/40] test/crypto: remove list end enumerators [04/40] cryptodev: reduce number of comments in asym xform [05/40] test/crypto: removed asym xform none [06/40] cryptodev: separate key exchange operation enum [07/40] crypto/openssl: separate key exchange operation enum [08/40] test/crypto: separate key exchange operation enum [09/40] cryptodev: remove unnecessary zero assignement [10/40] cryptodev: remove comment about using ephemeral key in dsa [11/40] cryptodev: remove asym crypto next xform [12/40] crypto/openssl: remove asym crypto next xform [13/40] test/crypto: remove asym crypto next xform [14/40] app/test-crypto-perf: remove asym crypto next xform [15/40] app/test-eventdev: remove asym crypto next xform [16/40] cryptodev: move dh type from xform to dh op [17/40] crypto/openssl: move dh type from xform to dh op [18/40] test/crypto: move dh type from xform to dh op [19/40] cryptodev: changed order of dh fields [20/40] cryptodev: add elliptic curve diffie hellman [21/40] cryptodev: add public key verify option [22/40] cryptodev: move RSA padding into separate struct [23/40] crypto/qat: move RSA padding into separate struct [24/40] crypto/openssl: move RSA padding into separate struct [25/40] crypto/octeontx: move RSA padding into separate struct [26/40] crypto/cnxk: move RSA padding into separate struct [27/40] common/cpt: move RSA padding into separate struct [28/40] test/crypto: move RSA padding into separate struct [29/40] cryptodev: add salt length and optional label [30/40] cryptodev: reduce rsa struct to only necessary fields [31/40] crypto/qat: reduce rsa struct to only necessary fields [32/40] crypto/openssl: reduce rsa struct to only necessary fields [33/40] crypto/octeontx: reduce rsa struct to only necessary fields [34/40] crypto/cnxk: reduce rsa struct to only necessary fields [35/40] common/cpt: reduce rsa struct to only necessary fields [36/40] test/crypto: reduce rsa struct to only necessary fields [37/40] cryptodev: add asym op flags [38/40] cryptodev: clarify usage of private key in dh [39/40] crypto/openssl: generate dh private key [40/40] test/crypto: added test for dh priv key generation

Checks

Context	Check	Description
ci/checkpatch	warning	coding style issues

Commit Message

Arkadiusz Kusztal May 20, 2022, 5:54 a.m. UTC

  - Reduced number of comments in asymmetric xform.
Information describing basic functionality of well known
algorithms are unnecessary.
- Added information about data memory lifetime.
It was specified how user should work with private data,
and it is user's responsability to clear it.
- Removed NONE asymetric xform.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 45 +++++++++++++----------------------------
 lib/cryptodev/rte_cryptodev.c   |  1 -
 2 files changed, 14 insertions(+), 32 deletions(-)

Comments

Akhil Goyal May 24, 2022, 10:59 a.m. UTC | #1

> - Reduced number of comments in asymmetric xform.
> Information describing basic functionality of well known
> algorithms are unnecessary.
> - Added information about data memory lifetime.
> It was specified how user should work with private data,
> and it is user's responsability to clear it.
> - Removed NONE asymetric xform.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/cryptodev/rte_crypto_asym.h | 45 +++++++++++++----------------------------
>  lib/cryptodev/rte_cryptodev.c   |  1 -
>  2 files changed, 14 insertions(+), 32 deletions(-)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index a474b6acd1..0251e8caae 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -55,46 +55,29 @@ enum rte_crypto_curve_id {
>  };
> 
>  /**
> - * Asymmetric crypto transformation types.
> - * Each xform type maps to one asymmetric algorithm
> - * performing specific operation
> - *
> + * Asymmetric crypto algorithm static data.
> + * Data that may be used more than once (e.g. RSA private key).
> + * It is the USER responsibility to keep track of private data memory
> + * lifetime and security of the this data in xform. The same way
> + * it is the USER responsibility to call cryptodev session_clear()
> + * function if a session was created. If session-less not used
> + * xform data should be cleared after successful session creation.
>   */
>  enum rte_crypto_asym_xform_type {
> -	RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED = 0,
> +	RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED,
>  	/**< Invalid xform. */
> -	RTE_CRYPTO_ASYM_XFORM_NONE,
> -	/**< Xform type None.
> -	 * May be supported by PMD to support
> -	 * passthrough op for debugging purpose.
> -	 * if xform_type none , op_type is disregarded.
> -	 */
I believe removing this is not a good idea. As stated, it will help in
Debugging.

>  	RTE_CRYPTO_ASYM_XFORM_RSA,
> -	/**< RSA. Performs Encrypt, Decrypt, Sign and Verify.
> -	 * Refer to rte_crypto_asym_op_type
> -	 */
> +	/**< RSA */
>  	RTE_CRYPTO_ASYM_XFORM_DH,
> -	/**< Diffie-Hellman.
> -	 * Performs Key Generate and Shared Secret Compute.
> -	 * Refer to rte_crypto_asym_op_type
> -	 */
> +	/**< Diffie-Hellman */
>  	RTE_CRYPTO_ASYM_XFORM_DSA,
> -	/**< Digital Signature Algorithm
> -	 * Performs Signature Generation and Verification.
> -	 * Refer to rte_crypto_asym_op_type
> -	 */
> +	/**< Digital Signature Algorithm */
>  	RTE_CRYPTO_ASYM_XFORM_MODINV,
> -	/**< Modular Multiplicative Inverse
> -	 * Perform Modular Multiplicative Inverse b^(-1) mod n
> -	 */
> +	/**< Modular Multiplicative Inverse */
>  	RTE_CRYPTO_ASYM_XFORM_MODEX,
> -	/**< Modular Exponentiation
> -	 * Perform Modular Exponentiation b^e mod n
> -	 */
> +	/**< Modular Exponentiation */
>  	RTE_CRYPTO_ASYM_XFORM_ECDSA,
> -	/**< Elliptic Curve Digital Signature Algorithm
> -	 * Perform Signature Generation and Verification.
> -	 */
> +	/**< Elliptic Curve Digital Signature Algorithm */
>  	RTE_CRYPTO_ASYM_XFORM_ECPM
>  	/**< Elliptic Curve Point Multiplication */
>  };
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> index e16e6802aa..691625bd04 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -160,7 +160,6 @@ rte_crypto_aead_operation_strings[] = {
>   * Asymmetric crypto transform operation strings identifiers.
>   */
>  const char *rte_crypto_asym_xform_strings[] = {
> -	[RTE_CRYPTO_ASYM_XFORM_NONE]	= "none",
>  	[RTE_CRYPTO_ASYM_XFORM_RSA]	= "rsa",
>  	[RTE_CRYPTO_ASYM_XFORM_MODEX]	= "modexp",
>  	[RTE_CRYPTO_ASYM_XFORM_MODINV]	= "modinv",
> --
> 2.13.6

Arkadiusz Kusztal May 24, 2022, 5:37 p.m. UTC | #2

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, May 24, 2022 12:59 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH 04/40] cryptodev: reduce number of comments in
> asym xform
> 
> > - Reduced number of comments in asymmetric xform.
> > Information describing basic functionality of well known algorithms
> > are unnecessary.
> > - Added information about data memory lifetime.
> > It was specified how user should work with private data, and it is
> > user's responsability to clear it.
> > - Removed NONE asymetric xform.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  lib/cryptodev/rte_crypto_asym.h | 45 +++++++++++++----------------------------
> >  lib/cryptodev/rte_cryptodev.c   |  1 -
> >  2 files changed, 14 insertions(+), 32 deletions(-)
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index a474b6acd1..0251e8caae 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -55,46 +55,29 @@ enum rte_crypto_curve_id {  };
> >
> >  /**
> > - * Asymmetric crypto transformation types.
> > - * Each xform type maps to one asymmetric algorithm
> > - * performing specific operation
> > - *
> > + * Asymmetric crypto algorithm static data.
> > + * Data that may be used more than once (e.g. RSA private key).
> > + * It is the USER responsibility to keep track of private data memory
> > + * lifetime and security of the this data in xform. The same way
> > + * it is the USER responsibility to call cryptodev session_clear()
> > + * function if a session was created. If session-less not used
> > + * xform data should be cleared after successful session creation.
> >   */
> >  enum rte_crypto_asym_xform_type {
> > -	RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED = 0,
> > +	RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED,
> >  	/**< Invalid xform. */
> > -	RTE_CRYPTO_ASYM_XFORM_NONE,
> > -	/**< Xform type None.
> > -	 * May be supported by PMD to support
> > -	 * passthrough op for debugging purpose.
> > -	 * if xform_type none , op_type is disregarded.
> > -	 */
> I believe removing this is not a good idea. As stated, it will help in Debugging.
> 
> >  	RTE_CRYPTO_ASYM_XFORM_RSA,
> > -	/**< RSA. Performs Encrypt, Decrypt, Sign and Verify.
> > -	 * Refer to rte_crypto_asym_op_type
> > -	 */
> > +	/**< RSA */
> >  	RTE_CRYPTO_ASYM_XFORM_DH,
> > -	/**< Diffie-Hellman.
> > -	 * Performs Key Generate and Shared Secret Compute.
> > -	 * Refer to rte_crypto_asym_op_type
> > -	 */
> > +	/**< Diffie-Hellman */
> >  	RTE_CRYPTO_ASYM_XFORM_DSA,
> > -	/**< Digital Signature Algorithm
> > -	 * Performs Signature Generation and Verification.
> > -	 * Refer to rte_crypto_asym_op_type
> > -	 */
> > +	/**< Digital Signature Algorithm */
> >  	RTE_CRYPTO_ASYM_XFORM_MODINV,
> > -	/**< Modular Multiplicative Inverse
> > -	 * Perform Modular Multiplicative Inverse b^(-1) mod n
> > -	 */
> > +	/**< Modular Multiplicative Inverse */
> >  	RTE_CRYPTO_ASYM_XFORM_MODEX,
> > -	/**< Modular Exponentiation
> > -	 * Perform Modular Exponentiation b^e mod n
> > -	 */
> > +	/**< Modular Exponentiation */
> >  	RTE_CRYPTO_ASYM_XFORM_ECDSA,
> > -	/**< Elliptic Curve Digital Signature Algorithm
> > -	 * Perform Signature Generation and Verification.
> > -	 */
> > +	/**< Elliptic Curve Digital Signature Algorithm */
> >  	RTE_CRYPTO_ASYM_XFORM_ECPM
[Arek] - maybe this is not that important but could not we have asym_algorithm instead of xform_type? There is not ECDSA/ECPM xform at all.
> >  	/**< Elliptic Curve Point Multiplication */  }; diff --git
> > a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index
> > e16e6802aa..691625bd04 100644
> > --- a/lib/cryptodev/rte_cryptodev.c
> > +++ b/lib/cryptodev/rte_cryptodev.c
> > @@ -160,7 +160,6 @@ rte_crypto_aead_operation_strings[] = {
> >   * Asymmetric crypto transform operation strings identifiers.
> >   */
> >  const char *rte_crypto_asym_xform_strings[] = {
> > -	[RTE_CRYPTO_ASYM_XFORM_NONE]	= "none",
> >  	[RTE_CRYPTO_ASYM_XFORM_RSA]	= "rsa",
> >  	[RTE_CRYPTO_ASYM_XFORM_MODEX]	= "modexp",
> >  	[RTE_CRYPTO_ASYM_XFORM_MODINV]	= "modinv",
> > --
> > 2.13.6

Akhil Goyal May 25, 2022, 5:44 a.m. UTC | #3

> > > - Reduced number of comments in asymmetric xform.
> > > Information describing basic functionality of well known algorithms
> > > are unnecessary.
> > > - Added information about data memory lifetime.
> > > It was specified how user should work with private data, and it is
> > > user's responsability to clear it.
> > > - Removed NONE asymetric xform.
> > >
> > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > ---
> > >  lib/cryptodev/rte_crypto_asym.h | 45 +++++++++++++--------------------------
> --
> > >  lib/cryptodev/rte_cryptodev.c   |  1 -
> > >  2 files changed, 14 insertions(+), 32 deletions(-)
> > >
> > > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > > b/lib/cryptodev/rte_crypto_asym.h index a474b6acd1..0251e8caae 100644
> > > --- a/lib/cryptodev/rte_crypto_asym.h
> > > +++ b/lib/cryptodev/rte_crypto_asym.h
> > > @@ -55,46 +55,29 @@ enum rte_crypto_curve_id {  };
> > >
> > >  /**
> > > - * Asymmetric crypto transformation types.
> > > - * Each xform type maps to one asymmetric algorithm
> > > - * performing specific operation
> > > - *
> > > + * Asymmetric crypto algorithm static data.
> > > + * Data that may be used more than once (e.g. RSA private key).
> > > + * It is the USER responsibility to keep track of private data memory
> > > + * lifetime and security of the this data in xform. The same way
> > > + * it is the USER responsibility to call cryptodev session_clear()
> > > + * function if a session was created. If session-less not used
> > > + * xform data should be cleared after successful session creation.
> > >   */
> > >  enum rte_crypto_asym_xform_type {
> > > -	RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED = 0,
> > > +	RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED,
> > >  	/**< Invalid xform. */
> > > -	RTE_CRYPTO_ASYM_XFORM_NONE,
> > > -	/**< Xform type None.
> > > -	 * May be supported by PMD to support
> > > -	 * passthrough op for debugging purpose.
> > > -	 * if xform_type none , op_type is disregarded.
> > > -	 */
> > I believe removing this is not a good idea. As stated, it will help in Debugging.
> >
> > >  	RTE_CRYPTO_ASYM_XFORM_RSA,
> > > -	/**< RSA. Performs Encrypt, Decrypt, Sign and Verify.
> > > -	 * Refer to rte_crypto_asym_op_type
> > > -	 */
> > > +	/**< RSA */
> > >  	RTE_CRYPTO_ASYM_XFORM_DH,
> > > -	/**< Diffie-Hellman.
> > > -	 * Performs Key Generate and Shared Secret Compute.
> > > -	 * Refer to rte_crypto_asym_op_type
> > > -	 */
> > > +	/**< Diffie-Hellman */
> > >  	RTE_CRYPTO_ASYM_XFORM_DSA,
> > > -	/**< Digital Signature Algorithm
> > > -	 * Performs Signature Generation and Verification.
> > > -	 * Refer to rte_crypto_asym_op_type
> > > -	 */
> > > +	/**< Digital Signature Algorithm */
> > >  	RTE_CRYPTO_ASYM_XFORM_MODINV,
> > > -	/**< Modular Multiplicative Inverse
> > > -	 * Perform Modular Multiplicative Inverse b^(-1) mod n
> > > -	 */
> > > +	/**< Modular Multiplicative Inverse */
> > >  	RTE_CRYPTO_ASYM_XFORM_MODEX,
> > > -	/**< Modular Exponentiation
> > > -	 * Perform Modular Exponentiation b^e mod n
> > > -	 */
> > > +	/**< Modular Exponentiation */
> > >  	RTE_CRYPTO_ASYM_XFORM_ECDSA,
> > > -	/**< Elliptic Curve Digital Signature Algorithm
> > > -	 * Perform Signature Generation and Verification.
> > > -	 */
> > > +	/**< Elliptic Curve Digital Signature Algorithm */
> > >  	RTE_CRYPTO_ASYM_XFORM_ECPM
> [Arek] - maybe this is not that important but could not we have asym_algorithm
> instead of xform_type? There is not ECDSA/ECPM xform at all.

Converting everything to asym algo may not be good. As they have different xforms
And different type of operations.
May be we could split into xform type and algo similar to symmetric crypto?

> > >  	/**< Elliptic Curve Point Multiplication */  }; diff --git
> > > a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index
> > > e16e6802aa..691625bd04 100644
> > > --- a/lib/cryptodev/rte_cryptodev.c
> > > +++ b/lib/cryptodev/rte_cryptodev.c
> > > @@ -160,7 +160,6 @@ rte_crypto_aead_operation_strings[] = {
> > >   * Asymmetric crypto transform operation strings identifiers.
> > >   */
> > >  const char *rte_crypto_asym_xform_strings[] = {
> > > -	[RTE_CRYPTO_ASYM_XFORM_NONE]	= "none",
> > >  	[RTE_CRYPTO_ASYM_XFORM_RSA]	= "rsa",
> > >  	[RTE_CRYPTO_ASYM_XFORM_MODEX]	= "modexp",
> > >  	[RTE_CRYPTO_ASYM_XFORM_MODINV]	= "modinv",
> > > --
> > > 2.13.6

diff mbox series

Patch

diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index a474b6acd1..0251e8caae 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -55,46 +55,29 @@  enum rte_crypto_curve_id {
 };
 
 /**
- * Asymmetric crypto transformation types.
- * Each xform type maps to one asymmetric algorithm
- * performing specific operation
- *
+ * Asymmetric crypto algorithm static data.
+ * Data that may be used more than once (e.g. RSA private key).
+ * It is the USER responsibility to keep track of private data memory
+ * lifetime and security of the this data in xform. The same way
+ * it is the USER responsibility to call cryptodev session_clear()
+ * function if a session was created. If session-less not used
+ * xform data should be cleared after successful session creation.
  */
 enum rte_crypto_asym_xform_type {
-	RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED = 0,
+	RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED,
 	/**< Invalid xform. */
-	RTE_CRYPTO_ASYM_XFORM_NONE,
-	/**< Xform type None.
-	 * May be supported by PMD to support
-	 * passthrough op for debugging purpose.
-	 * if xform_type none , op_type is disregarded.
-	 */
 	RTE_CRYPTO_ASYM_XFORM_RSA,
-	/**< RSA. Performs Encrypt, Decrypt, Sign and Verify.
-	 * Refer to rte_crypto_asym_op_type
-	 */
+	/**< RSA */
 	RTE_CRYPTO_ASYM_XFORM_DH,
-	/**< Diffie-Hellman.
-	 * Performs Key Generate and Shared Secret Compute.
-	 * Refer to rte_crypto_asym_op_type
-	 */
+	/**< Diffie-Hellman */
 	RTE_CRYPTO_ASYM_XFORM_DSA,
-	/**< Digital Signature Algorithm
-	 * Performs Signature Generation and Verification.
-	 * Refer to rte_crypto_asym_op_type
-	 */
+	/**< Digital Signature Algorithm */
 	RTE_CRYPTO_ASYM_XFORM_MODINV,
-	/**< Modular Multiplicative Inverse
-	 * Perform Modular Multiplicative Inverse b^(-1) mod n
-	 */
+	/**< Modular Multiplicative Inverse */
 	RTE_CRYPTO_ASYM_XFORM_MODEX,
-	/**< Modular Exponentiation
-	 * Perform Modular Exponentiation b^e mod n
-	 */
+	/**< Modular Exponentiation */
 	RTE_CRYPTO_ASYM_XFORM_ECDSA,
-	/**< Elliptic Curve Digital Signature Algorithm
-	 * Perform Signature Generation and Verification.
-	 */
+	/**< Elliptic Curve Digital Signature Algorithm */
 	RTE_CRYPTO_ASYM_XFORM_ECPM
 	/**< Elliptic Curve Point Multiplication */
 };
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index e16e6802aa..691625bd04 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -160,7 +160,6 @@  rte_crypto_aead_operation_strings[] = {
  * Asymmetric crypto transform operation strings identifiers.
  */
 const char *rte_crypto_asym_xform_strings[] = {
-	[RTE_CRYPTO_ASYM_XFORM_NONE]	= "none",
 	[RTE_CRYPTO_ASYM_XFORM_RSA]	= "rsa",
 	[RTE_CRYPTO_ASYM_XFORM_MODEX]	= "modexp",
 	[RTE_CRYPTO_ASYM_XFORM_MODINV]	= "modinv",