[v2,03/14] cryptodev: separate key exchange operation enum
Commit Message
- Separated key exchange enum from asym op type.
Key exchange and asymmetric crypto operations like signatures,
encryption/decryption should not share the same operation enum, as
their use cases are unrelated and mutually exclusive.
Therefore op_type was separated into:
1) operation type
2) key exchange operation type
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test/test_cryptodev_asym.c | 11 +++----
drivers/crypto/openssl/rte_openssl_pmd.c | 10 +++----
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 12 ++++----
lib/cryptodev/rte_crypto_asym.h | 45 +++++++++++++++++-----------
lib/cryptodev/rte_cryptodev.c | 14 ++++++---
5 files changed, 55 insertions(+), 37 deletions(-)
Comments
> /**
> + * Asymmetric crypto key exchange operation type
> + */
> +enum rte_crypto_asym_ke_type {
> + RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE,
Is it better to shorten it to
RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE
RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE
> + /**< Private Key generation operation */
> + RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
> + /**< Public Key generation operation */
> + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> + /**< Shared Secret compute operation */
> +};
> +
> +/**
> * Padding types for RSA signature.
> */
> enum rte_crypto_rsa_padding_type {
> @@ -238,7 +248,7 @@ struct rte_crypto_modinv_xform {
> *
> */
> struct rte_crypto_dh_xform {
> - enum rte_crypto_asym_op_type type;
> + enum rte_crypto_asym_ke_type type;
> /**< Setup xform for key generate or shared secret compute */
> rte_crypto_uint p;
> /**< Prime modulus data */
> @@ -375,26 +385,27 @@ struct rte_crypto_rsa_op_param {
> struct rte_crypto_dh_op_param {
> rte_crypto_uint pub_key;
> /**<
> - * Output generated public key when xform type is
> - * DH PUB_KEY_GENERATION.
> - * Input peer public key when xform type is DH
> - * SHARED_SECRET_COMPUTATION
> + * Output - generated public key, when xform type is
It is not xform type, Right?
It should be key exchange type.
Check at other places also.
> + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE.
> *
> + * Input - peer's public key, when xform type is
> + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
> */
>
> rte_crypto_uint priv_key;
> /**<
> - * Output generated private key if xform type is
> - * DH PRIVATE_KEY_GENERATION
> - * Input when xform type is DH SHARED_SECRET_COMPUTATION.
> + * Output - generated private key, when xform type is
> + * RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE.
> *
> + * Input - private key, when xform type is one of:
> + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
> + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
> */
>
> rte_crypto_uint shared_secret;
> /**<
> - * Output with calculated shared secret
> - * when dh xform set up with op type =
> SHARED_SECRET_COMPUTATION.
> - *
> + * Output - calculated shared secret when xform type is
> + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
> */
> };
>
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, May 26, 2022 12:58 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH v2 03/14] cryptodev: separate key exchange
> operation enum
>
> > /**
> > + * Asymmetric crypto key exchange operation type */ enum
> > +rte_crypto_asym_ke_type {
> > + RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE,
>
> Is it better to shorten it to
> RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE
> RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE
+1, Actually I am not big fan of having asym everywhere too.
RTE_CRYPTO_KE_PRIV_KEY_GENERATE would be equally good.
>
> > + /**< Private Key generation operation */
> > + RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
> > + /**< Public Key generation operation */
> > + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > + /**< Shared Secret compute operation */ };
> > +
> > +/**
> > * Padding types for RSA signature.
> > */
> > enum rte_crypto_rsa_padding_type {
> > @@ -238,7 +248,7 @@ struct rte_crypto_modinv_xform {
> > *
> > */
> > struct rte_crypto_dh_xform {
> > - enum rte_crypto_asym_op_type type;
> > + enum rte_crypto_asym_ke_type type;
> > /**< Setup xform for key generate or shared secret compute */
> > rte_crypto_uint p;
> > /**< Prime modulus data */
> > @@ -375,26 +385,27 @@ struct rte_crypto_rsa_op_param { struct
> > rte_crypto_dh_op_param {
> > rte_crypto_uint pub_key;
> > /**<
> > - * Output generated public key when xform type is
> > - * DH PUB_KEY_GENERATION.
> > - * Input peer public key when xform type is DH
> > - * SHARED_SECRET_COMPUTATION
> > + * Output - generated public key, when xform type is
>
> It is not xform type, Right?
> It should be key exchange type.
Yes, I meant xform op_type. Will change, later it will be overwritten by move dh op patch too.
> Check at other places also.
>
> > + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE.
> > *
> > + * Input - peer's public key, when xform type is
> > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
> > */
> >
> > rte_crypto_uint priv_key;
> > /**<
> > - * Output generated private key if xform type is
> > - * DH PRIVATE_KEY_GENERATION
> > - * Input when xform type is DH SHARED_SECRET_COMPUTATION.
> > + * Output - generated private key, when xform type is
> > + * RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE.
> > *
> > + * Input - private key, when xform type is one of:
> > + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
> > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
> > */
> >
> > rte_crypto_uint shared_secret;
> > /**<
> > - * Output with calculated shared secret
> > - * when dh xform set up with op type =
> > SHARED_SECRET_COMPUTATION.
> > - *
> > + * Output - calculated shared secret when xform type is
> > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
> > */
> > };
> >
> > > /**
> > > + * Asymmetric crypto key exchange operation type */ enum
> > > +rte_crypto_asym_ke_type {
> > > + RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE,
> >
> > Is it better to shorten it to
> > RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE
> > RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE
> +1, Actually I am not big fan of having asym everywhere too.
> RTE_CRYPTO_KE_PRIV_KEY_GENERATE would be equally good.
It is better to keep ASYM, or else people might relate with IKE
> >
> > > + /**< Private Key generation operation */
> > > + RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
> > > + /**< Public Key generation operation */
> > > + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > > + /**< Shared Secret compute operation */ };
> > > +
> > > +/**
> > > * Padding types for RSA signature.
> > > */
> > > enum rte_crypto_rsa_padding_type {
> > > @@ -238,7 +248,7 @@ struct rte_crypto_modinv_xform {
> > > *
> > > */
> > > struct rte_crypto_dh_xform {
> > > - enum rte_crypto_asym_op_type type;
> > > + enum rte_crypto_asym_ke_type type;
> > > /**< Setup xform for key generate or shared secret compute */
> > > rte_crypto_uint p;
> > > /**< Prime modulus data */
> > > @@ -375,26 +385,27 @@ struct rte_crypto_rsa_op_param { struct
> > > rte_crypto_dh_op_param {
> > > rte_crypto_uint pub_key;
> > > /**<
> > > - * Output generated public key when xform type is
> > > - * DH PUB_KEY_GENERATION.
> > > - * Input peer public key when xform type is DH
> > > - * SHARED_SECRET_COMPUTATION
> > > + * Output - generated public key, when xform type is
> >
> > It is not xform type, Right?
> > It should be key exchange type.
> Yes, I meant xform op_type. Will change, leter it will be overwritten by move dh
> op patch too.
OK
> > Check at other places also.
> >
> > > + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE.
> > > *
> > > + * Input - peer's public key, when xform type is
> > > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
> > > */
> > >
> > > rte_crypto_uint priv_key;
> > > /**<
> > > - * Output generated private key if xform type is
> > > - * DH PRIVATE_KEY_GENERATION
> > > - * Input when xform type is DH SHARED_SECRET_COMPUTATION.
> > > + * Output - generated private key, when xform type is
> > > + * RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE.
> > > *
> > > + * Input - private key, when xform type is one of:
> > > + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
> > > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
> > > */
> > >
> > > rte_crypto_uint shared_secret;
> > > /**<
> > > - * Output with calculated shared secret
> > > - * when dh xform set up with op type =
> > > SHARED_SECRET_COMPUTATION.
> > > - *
> > > + * Output - calculated shared secret when xform type is
> > > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
> > > */
> > > };
> > >
@@ -1062,7 +1062,7 @@ test_dh_gen_shared_sec(struct rte_crypto_asym_xform *xfrm)
asym_op = op->asym;
/* Setup a xform and op to generate private key only */
- xform.dh.type = RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE;
+ xform.dh.type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
xform.next = NULL;
asym_op->dh.priv_key.data = dh_test_params.priv_key.data;
asym_op->dh.priv_key.length = dh_test_params.priv_key.length;
@@ -1144,7 +1144,7 @@ test_dh_gen_priv_key(struct rte_crypto_asym_xform *xfrm)
asym_op = op->asym;
/* Setup a xform and op to generate private key only */
- xform.dh.type = RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE;
+ xform.dh.type = RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE;
xform.next = NULL;
asym_op->dh.priv_key.data = output;
asym_op->dh.priv_key.length = sizeof(output);
@@ -1227,7 +1227,7 @@ test_dh_gen_pub_key(struct rte_crypto_asym_xform *xfrm)
* using test private key
*
*/
- xform.dh.type = RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE;
+ xform.dh.type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE;
xform.next = NULL;
asym_op->dh.pub_key.data = output;
@@ -1317,9 +1317,10 @@ test_dh_gen_kp(struct rte_crypto_asym_xform *xfrm)
/* Setup a xform chain to generate
* private key first followed by
* public key
- */xform.dh.type = RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE;
+ */
+ xform.dh.type = RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE;
pub_key_xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH;
- pub_key_xform.dh.type = RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE;
+ pub_key_xform.dh.type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE;
xform.next = &pub_key_xform;
asym_op->dh.pub_key.data = out_pub_key;
@@ -1697,7 +1697,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop,
int ret = 0;
if (sess->u.dh.key_op &
- (1 << RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE)) {
+ (1 << RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE)) {
/* compute shared secret using peer public key
* and current private key
* shared secret = peer_key ^ priv_key mod p
@@ -1754,9 +1754,9 @@ process_openssl_dh_op(struct rte_crypto_op *cop,
* then first set DH with user provided private key
*/
if ((sess->u.dh.key_op &
- (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) &&
+ (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE)) &&
!(sess->u.dh.key_op &
- (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE))) {
+ (1 << RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE))) {
/* generate public key using user-provided private key
* pub_key = g ^ priv_key mod p
*/
@@ -1790,7 +1790,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop,
return 0;
}
- if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) {
+ if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE)) {
const BIGNUM *pub_key = NULL;
OPENSSL_LOG(DEBUG, "%s:%d update public key\n",
@@ -1805,7 +1805,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop,
}
if (sess->u.dh.key_op &
- (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE)) {
+ (1 << RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE)) {
const BIGNUM *priv_key = NULL;
OPENSSL_LOG(DEBUG, "%s:%d updated priv key\n",
@@ -533,10 +533,10 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
.xform_capa = {
.xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
.op_types =
- ((1<<RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) |
- (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE |
+ ((1<<RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) |
+ (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE |
(1 <<
- RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE))),
+ RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))),
{
.modlen = {
/* value 0 symbolizes no limit on min length */
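Review bot: The DH capability's `.op_types` mask now holds `rte_crypto_asym_ke_type` bit positions while the field keeps its generic name, and because the new enumerators start at 0 their bits alias the low `rte_crypto_asym_op_type` bits (encrypt/decrypt/sign, going by the order of `rte_crypto_asym_op_strings`); any capability check elsewhere that interprets `.op_types` through the op-type enum would now accept or report the wrong operations for DH, so either a comment on this initializer or a distinct key-exchange mask is needed if such a check exists outside this diff. The rewritten lines also keep the pre-existing uneven grouping `(1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE |` / `(1 <<` / `RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE)))`, which only evaluates as intended because `<<` binds tighter than `|`; while these lines are being touched, flattening them to `((1 << RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) | (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE) | (1 << RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))` makes the three terms explicit. The `openssl_pmd_capabilities[]` initializer starts and ends outside the hunk.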
@@ -1009,13 +1009,13 @@ static int openssl_set_asym_session_parameters(
asym_session->u.dh.key_op = (1 << xform->dh.type);
if (xform->dh.type ==
- RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) {
+ RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) {
/* check if next is pubkey */
if ((xform->next != NULL) &&
(xform->next->xform_type ==
RTE_CRYPTO_ASYM_XFORM_DH) &&
(xform->next->dh.type ==
- RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)
+ RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE)
) {
/*
* setup op as pub/priv key
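Review bot: The context line `asym_session->u.dh.key_op = (1 << xform->dh.type);` just above the changed comparisons now shifts by a value of the new `enum rte_crypto_asym_ke_type`, and nothing in the hunk bounds `xform->dh.type` first; an out-of-range value from the caller gives an undefined shift count and a `key_op` mask that matches none of the later tests in `process_openssl_dh_op`, so the session is set up without any usable operation instead of being rejected. Since the new enum carries no terminator, the check has to name the last enumerator: `if (xform->dh.type > RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE)` followed by the function's existing error path (outside the hunk) before the shift. `openssl_set_asym_session_parameters` begins and ends outside the hunk.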
@@ -1023,7 +1023,7 @@ static int openssl_set_asym_session_parameters(
*/
asym_session->u.dh.key_op |=
(1 <<
- RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE);
+ RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE);
}
}
asym_session->u.dh.dh_key = dh;
@@ -33,6 +33,10 @@ struct rte_cryptodev_asym_session;
extern const char *
rte_crypto_asym_xform_strings[];
+/** asym key exchange operation type name strings */
+extern const char *
+rte_crypto_asym_ke_strings[];
+
/** asym operations type name strings */
extern const char *
rte_crypto_asym_op_strings[];
@@ -124,16 +128,22 @@ enum rte_crypto_asym_op_type {
/**< Signature Generation operation */
RTE_CRYPTO_ASYM_OP_VERIFY,
/**< Signature Verification operation */
- RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE,
- /**< DH Private Key generation operation */
- RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE,
- /**< DH Public Key generation operation */
- RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE,
- /**< DH Shared Secret compute operation */
RTE_CRYPTO_ASYM_OP_LIST_END
};
/**
+ * Asymmetric crypto key exchange operation type
+ */
+enum rte_crypto_asym_ke_type {
+ RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE,
+ /**< Private Key generation operation */
+ RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
+ /**< Public Key generation operation */
+ RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
+ /**< Shared Secret compute operation */
+};
+
+/**
* Padding types for RSA signature.
*/
enum rte_crypto_rsa_padding_type {
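Review bot: The new `enum rte_crypto_asym_ke_type` has no terminating enumerator, unlike `rte_crypto_asym_op_type` immediately above it which keeps `RTE_CRYPTO_ASYM_OP_LIST_END`, so there is no constant for sizing the new `rte_crypto_asym_ke_strings[]` table or for range-checking a `dh.type` before the drivers use it as a shift count or array index. A trailing `RTE_CRYPTO_ASYM_KE_LIST_END` (a constructed name mirroring the existing pattern) would give those callers a bound; if it is left out on purpose, the enum doc comment should say that the values are used as bit positions in capability and session masks, so future enumerators are appended rather than reordered. A trailing comma after `RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE` would also keep such an addition to a one-line diff.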
@@ -238,7 +248,7 @@ struct rte_crypto_modinv_xform {
*
*/
struct rte_crypto_dh_xform {
- enum rte_crypto_asym_op_type type;
+ enum rte_crypto_asym_ke_type type;
/**< Setup xform for key generate or shared secret compute */
rte_crypto_uint p;
/**< Prime modulus data */
@@ -375,26 +385,27 @@ struct rte_crypto_rsa_op_param {
struct rte_crypto_dh_op_param {
rte_crypto_uint pub_key;
/**<
- * Output generated public key when xform type is
- * DH PUB_KEY_GENERATION.
- * Input peer public key when xform type is DH
- * SHARED_SECRET_COMPUTATION
+ * Output - generated public key, when xform type is
+ * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE.
*
+ * Input - peer's public key, when xform type is
+ * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
*/
rte_crypto_uint priv_key;
/**<
- * Output generated private key if xform type is
- * DH PRIVATE_KEY_GENERATION
- * Input when xform type is DH SHARED_SECRET_COMPUTATION.
+ * Output - generated private key, when xform type is
+ * RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE.
*
+ * Input - private key, when xform type is one of:
+ * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
+ * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
*/
rte_crypto_uint shared_secret;
/**<
- * Output with calculated shared secret
- * when dh xform set up with op type = SHARED_SECRET_COMPUTATION.
- *
+ * Output - calculated shared secret when xform type is
+ * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
*/
};
@@ -176,10 +176,16 @@ const char *rte_crypto_asym_op_strings[] = {
[RTE_CRYPTO_ASYM_OP_ENCRYPT] = "encrypt",
[RTE_CRYPTO_ASYM_OP_DECRYPT] = "decrypt",
[RTE_CRYPTO_ASYM_OP_SIGN] = "sign",
- [RTE_CRYPTO_ASYM_OP_VERIFY] = "verify",
- [RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE] = "priv_key_generate",
- [RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE] = "pub_key_generate",
- [RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE] = "sharedsecret_compute",
+ [RTE_CRYPTO_ASYM_OP_VERIFY] = "verify"
+};
+
+/**
+ * Asymmetric crypto key exchange operation strings identifiers.
+ */
+const char *rte_crypto_asym_ke_strings[] = {
+ [RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE] = "priv_key_generate",
+ [RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE] = "pub_key_generate",
+ [RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute"
};
/**
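Review bot: The trailing comma was dropped from `[RTE_CRYPTO_ASYM_OP_VERIFY] = "verify"` and omitted after `"sharedsecret_compute"`, so the next entry added to either table must also touch the previous line; `[RTE_CRYPTO_ASYM_OP_VERIFY] = "verify",` keeps the original form. The new table's length comes only from its designated initializers and the enum it mirrors has no terminator, so any `rte_crypto_asym_ke_strings[type]` lookup outside this diff needs its own bound (an `RTE_DIM` check at the call site); a comment here stating that the table must stay in step with `enum rte_crypto_asym_ke_type` would make that dependency visible. `rte_crypto_asym_op_strings[]` begins outside the hunk.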