From patchwork Fri May 20 05:54:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111514 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DA8BDA0503; Fri, 20 May 2022 09:05:36 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 7EF3942BFA; Fri, 20 May 2022 09:03:48 +0200 (CEST) Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31]) by mails.dpdk.org (Postfix) with ESMTP id D97A742BF8 for ; Fri, 20 May 2022 09:03:46 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653030227; x=1684566227; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=7M2oGRIjPsoTR9hln6ExGUjR87b29DueVTpmE7s5PcE=; b=XO0DHgsixq4x+aNQmCwzVhPYDDhQNp81gblK2Xw2lNR0kXnMIpp4yK2J K2widZp4Fft50b+VOUIjFQ+nE9siYb5enR6MXGmri5rgx7WGByVjAGpxc gNPCXL3DanmUEYuC/RofBHfl+ytj2iRGt6JTUHdE2bEq+A1LuM1SsdnoF CRe8Eeha9Fofbvb3oeyS++RwmNHP+/hSaStSXCzjs7EB9Q0pkPOyMkTPt KDINEf5gF0QvBEnQbyU6MLacgRMoT3DBjb8j2afJuPbGhzjZrHkZkdho/ owNR7kz/y2RpN6R2BTbAd3iNuI+tIvTqlSdBSfTcRlYNONIKCKY0T+rTg A==; X-IronPort-AV: E=McAfee;i="6400,9594,10352"; a="333140448" X-IronPort-AV: E=Sophos;i="5.91,238,1647327600"; d="scan'208";a="333140448" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 May 2022 00:03:46 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,238,1647327600"; d="scan'208";a="599058528" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by orsmga008.jf.intel.com with ESMTP; 20 May 2022 00:03:44 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, anoobj@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH 30/40] cryptodev: reduce rsa struct to only necessary fields Date: Fri, 20 May 2022 06:54:35 +0100 Message-Id: <20220520055445.40063-31-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220520055445.40063-1-arkadiuszx.kusztal@intel.com> References: <20220520055445.40063-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - reduced rsa struct to only necessary fields. RSA operation is generally used with one input and one output. One exception for this is signature verification, when RSA verify called, both message and signature are inputs, but there is no rsa output except for op status. Signed-off-by: Arek Kusztal --- lib/cryptodev/rte_crypto_asym.h | 87 +++++++++++++++++++++++------------------ 1 file changed, 50 insertions(+), 37 deletions(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index c864b8a115..37dd3b9d86 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -362,53 +362,66 @@ struct rte_crypto_rsa_op_param { enum rte_crypto_asym_op_type op_type; /**< Type of RSA operation for transform */ - rte_crypto_param message; + rte_crypto_param input; /**< - * Pointer to input data - * - to be encrypted for RSA public encrypt. - * - to be signed for RSA sign generation. - * - to be authenticated for RSA sign verification. + * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT: + * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE + * input should only be used along with cryptographically + * secure padding scheme. + * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 + * input shall be no longer than public modulus minus 11. + * If padding.type = RTE_CRYPTO_RSA_PADDING_OAEP + * input shall be no longer than public modulus - + * 2 * len(hash) - 2. + * When op_type == RTE_CRYPTO_ASYM_OP_SIGN: * - * Pointer to output data - * - for RSA private decrypt. - * In this case the underlying array should have been - * allocated with enough memory to hold plaintext output - * (i.e. must be at least RSA key size). The message.length - * field should be 0 and will be overwritten by the PMD - * with the decrypted length. + * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE + * input should only be used along with cryptographically + * secure padding scheme. * + * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or + * RTE_CRYPTO_RSA_PADDING_PSS + * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain + * the message to be signed, if this flag is not set, + * input shall contain the digest of the message to be signed. * - * All data is in Octet-string network byte order format. - */ - - rte_crypto_param cipher; - /**< - * Pointer to input data - * - to be decrypted for RSA private decrypt. + * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT: * - * Pointer to output data - * - for RSA public encrypt. - * In this case the underlying array should have been allocated - * with enough memory to hold ciphertext output (i.e. must be - * at least RSA key size). The cipher.length field should - * be 0 and will be overwritten by the PMD with the encrypted length. + * Input shall contain previously encrypted RSA message. * - * All data is in Octet-string network byte order format. + * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY: + * + * Input shall contain signature to be verified */ - - rte_crypto_param sign; + union { + rte_crypto_param output; + rte_crypto_param message; + }; /**< - * Pointer to input data - * - to be verified for RSA public decrypt. + * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT: + * + * Output shall contain encrypted data, output.length shall + * be set to the length of encrypted data. + * + * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN: * - * Pointer to output data - * - for RSA private encrypt. - * In this case the underlying array should have been allocated - * with enough memory to hold signature output (i.e. must be - * at least RSA key size). The sign.length field should - * be 0 and will be overwritten by the PMD with the signature length. + * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE + * output shall contain decrypted/signed data, but all leading zeros + * shall be preserved. Therefore output.length should be + * equal to the length of the modulus.. + * For other types of padding, output should contain + * decrypted data, and output.length shall be set to the length + * of decrypted data. * - * All data is in Octet-string network byte order format. + * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY: + * + * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE + * output shall contain the public key decrypted signature. + * All leading zeroes shall be preserved. + * + * For other padding types, the message should be set with data for the + * signature to be compared with. */ + struct rte_crypto_rsa_padding padding; /**< RSA padding information */