Message ID | 20220525155324.9288-4-arkadiuszx.kusztal@intel.com (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | akhil goyal |
Series | cryptodev: rsa, dh, ecdh changes |
Context | Check | Description |
---|---|---|
ci/checkpatch | success | coding style OK |
> /** > + * Asymmetric crypto key exchange operation type > + */ > +enum rte_crypto_asym_ke_type { > + RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE, Is it better to shorten it to RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE > + /**< Private Key generation operation */ > + RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, > + /**< Public Key generation operation */ > + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE > + /**< Shared Secret compute operation */ > +}; > + > +/** > * Padding types for RSA signature. > */ > enum rte_crypto_rsa_padding_type { > @@ -238,7 +248,7 @@ struct rte_crypto_modinv_xform { > * > */ > struct rte_crypto_dh_xform { > - enum rte_crypto_asym_op_type type; > + enum rte_crypto_asym_ke_type type; > /**< Setup xform for key generate or shared secret compute */ > rte_crypto_uint p; > /**< Prime modulus data */ 
> @@ -375,26 +385,27 @@ struct rte_crypto_rsa_op_param { > struct rte_crypto_dh_op_param { > rte_crypto_uint pub_key; > /**< > - * Output generated public key when xform type is > - * DH PUB_KEY_GENERATION. > - * Input peer public key when xform type is DH > - * SHARED_SECRET_COMPUTATION > + * Output - generated public key, when xform type is It is not xform type, Right? It should be key exchange type. Check at other places also. > + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE. > * > + * Input - peer's public key, when xform type is > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. > */ > > rte_crypto_uint priv_key; > /**< > - * Output generated private key if xform type is > - * DH PRIVATE_KEY_GENERATION > - * Input when xform type is DH SHARED_SECRET_COMPUTATION. > + * Output - generated private key, when xform type is > + * RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE. > * > + * Input - private key, when xform type is one of: > + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. > */ > > rte_crypto_uint shared_secret; > /**< > - * Output with calculated shared secret > - * when dh xform set up with op type = > SHARED_SECRET_COMPUTATION. > - * > + * Output - calculated shared secret when xform type is > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. > */ > }; >
> -----Original Message----- > From: Akhil Goyal <gakhil@marvell.com> > Sent: Thursday, May 26, 2022 12:58 PM > To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com> > Subject: RE: [EXT] [PATCH v2 03/14] cryptodev: separate key exchange > operation enum > > > /** > > + * Asymmetric crypto key exchange operation type */ enum > > +rte_crypto_asym_ke_type { > > + RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE, > > Is it better to shorten it to > RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE > RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE +1, Actually I am not big fan of having asym everywhere too. RTE_CRYPTO_KE_PRIV_KEY_GENERATE would be equally good. > > > + /**< Private Key generation operation */ > > + RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, > > + /**< Public Key generation operation */ > > + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE > > + /**< Shared Secret compute operation */ }; > > + > > +/** > > * Padding types for RSA signature. > > */ > > enum rte_crypto_rsa_padding_type { > > @@ -238,7 +248,7 @@ struct rte_crypto_modinv_xform { > > * > > */ > > struct rte_crypto_dh_xform { > > - enum rte_crypto_asym_op_type type; > > + enum rte_crypto_asym_ke_type type; > > /**< Setup xform for key generate or shared secret compute */ > > rte_crypto_uint p; > > /**< Prime modulus data */ 
> > @@ -375,26 +385,27 @@ struct rte_crypto_rsa_op_param { struct > > rte_crypto_dh_op_param { > > rte_crypto_uint pub_key; > > /**< > > - * Output generated public key when xform type is > > - * DH PUB_KEY_GENERATION. > > - * Input peer public key when xform type is DH > > - * SHARED_SECRET_COMPUTATION > > + * Output - generated public key, when xform type is > > It is not xform type, Right? > It should be key exchange type. Yes, I meant xform op_type. Will change, later it will be overwritten by move dh op patch too. > Check at other places also. > > > + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE. > > * > > + * Input - peer's public key, when xform type is > > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. > > */ > > > > rte_crypto_uint priv_key; > > /**< > > - * Output generated private key if xform type is > > - * DH PRIVATE_KEY_GENERATION > > - * Input when xform type is DH SHARED_SECRET_COMPUTATION. > > + * Output - generated private key, when xform type is > > + * RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE. > > * > > + * Input - private key, when xform type is one of: > > + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, > > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. > > */ > > > > rte_crypto_uint shared_secret; > > /**< > > - * Output with calculated shared secret > > - * when dh xform set up with op type = > > SHARED_SECRET_COMPUTATION. > > - * > > + * Output - calculated shared secret when xform type is > > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. > > */ > > }; > >
> > > /** > > > + * Asymmetric crypto key exchange operation type */ enum > > > +rte_crypto_asym_ke_type { > > > + RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE, > > > > Is it better to shorten it to > > RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE > > RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE > +1, Actually I am not big fan of having asym everywhere too. > RTE_CRYPTO_KE_PRIV_KEY_GENERATE would be equally good. It is better to keep ASYM, or else people might relate with IKE > > > > > + /**< Private Key generation operation */ > > > + RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, > > > + /**< Public Key generation operation */ > > > + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE > > > + /**< Shared Secret compute operation */ }; > > > + > > > +/** > > > * Padding types for RSA signature. > > > */ > > > enum rte_crypto_rsa_padding_type { > > > @@ -238,7 +248,7 @@ struct rte_crypto_modinv_xform { > > > * > > > */ > > > struct rte_crypto_dh_xform { > > > - enum rte_crypto_asym_op_type type; > > > + enum rte_crypto_asym_ke_type type; > > > /**< Setup xform for key generate or shared secret compute */ > > > rte_crypto_uint p; > > > /**< Prime modulus data */ 
> > > @@ -375,26 +385,27 @@ struct rte_crypto_rsa_op_param { struct > > > rte_crypto_dh_op_param { > > > rte_crypto_uint pub_key; > > > /**< > > > - * Output generated public key when xform type is > > > - * DH PUB_KEY_GENERATION. > > > - * Input peer public key when xform type is DH > > > - * SHARED_SECRET_COMPUTATION > > > + * Output - generated public key, when xform type is > > > > It is not xform type, Right? > > It should be key exchange type. > Yes, I meant xform op_type. Will change, later it will be overwritten by move dh > op patch too. OK > > Check at other places also. > > > > > + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE. > > > * > > > + * Input - peer's public key, when xform type is > > > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. > > > */ > > > > > > rte_crypto_uint priv_key; > > > /**< > > > - * Output generated private key if xform type is > > > - * DH PRIVATE_KEY_GENERATION > > > - * Input when xform type is DH SHARED_SECRET_COMPUTATION. > > > + * Output - generated private key, when xform type is > > > + * RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE. > > > * > > > + * Input - private key, when xform type is one of: > > > + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, > > > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. > > > */ > > > > > > rte_crypto_uint shared_secret; > > > /**< > > > - * Output with calculated shared secret > > > - * when dh xform set up with op type = > > > SHARED_SECRET_COMPUTATION. > > > - * > > > + * Output - calculated shared secret when xform type is > > > + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. > > > */ > > > }; > > >
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 5aa9d65395..1b77aa2b6a 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -1062,7 +1062,7 @@ test_dh_gen_shared_sec(struct rte_crypto_asym_xform *xfrm) asym_op = op->asym; /* Setup a xform and op to generate private key only */ - xform.dh.type = RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE; + xform.dh.type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE; xform.next = NULL; asym_op->dh.priv_key.data = dh_test_params.priv_key.data; asym_op->dh.priv_key.length = dh_test_params.priv_key.length; @@ -1144,7 +1144,7 @@ test_dh_gen_priv_key(struct rte_crypto_asym_xform *xfrm) asym_op = op->asym; /* Setup a xform and op to generate private key only */ - xform.dh.type = RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE; + xform.dh.type = RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE; xform.next = NULL; asym_op->dh.priv_key.data = output; asym_op->dh.priv_key.length = sizeof(output); @@ -1227,7 +1227,7 @@ test_dh_gen_pub_key(struct rte_crypto_asym_xform *xfrm) * using test private key * */ - xform.dh.type = RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE; + xform.dh.type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE; xform.next = NULL; asym_op->dh.pub_key.data = output; @@ -1317,9 +1317,10 @@ test_dh_gen_kp(struct rte_crypto_asym_xform *xfrm) /* Setup a xform chain to generate * private key first followed by * public key - */xform.dh.type = RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE; + */ + xform.dh.type = RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE; pub_key_xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH; - pub_key_xform.dh.type = RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE; + pub_key_xform.dh.type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE; xform.next = &pub_key_xform; asym_op->dh.pub_key.data = out_pub_key; diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index d80e1052e2..2a3930df0a 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c 
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1697,7 +1697,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, int ret = 0; if (sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE)) { + (1 << RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE)) { /* compute shared secret using peer public key * and current private key * shared secret = peer_key ^ priv_key mod p @@ -1754,9 +1754,9 @@ process_openssl_dh_op(struct rte_crypto_op *cop, * then first set DH with user provided private key */ if ((sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) && + (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE)) && !(sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE))) { + (1 << RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE))) { /* generate public key using user-provided private key * pub_key = g ^ priv_key mod p */ @@ -1790,7 +1790,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, return 0; } - if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) { + if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE)) { const BIGNUM *pub_key = NULL; OPENSSL_LOG(DEBUG, "%s:%d update public key\n", @@ -1805,7 +1805,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, } if (sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE)) { + (1 << RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE)) { const BIGNUM *priv_key = NULL; OPENSSL_LOG(DEBUG, "%s:%d updated priv key\n", diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 1cb07794bd..c975ef640a 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c 
@@ -533,10 +533,10 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { .xform_capa = { .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, .op_types = - ((1<<RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) | - (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE | + ((1<<RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) | + (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE | (1 << - RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE))), + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE))), { .modlen = { /* value 0 symbolizes no limit on min length */ @@ -1009,13 +1009,13 @@ static int openssl_set_asym_session_parameters( asym_session->u.dh.key_op = (1 << xform->dh.type); if (xform->dh.type == - RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) { + RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) { /* check if next is pubkey */ if ((xform->next != NULL) && (xform->next->xform_type == RTE_CRYPTO_ASYM_XFORM_DH) && (xform->next->dh.type == - RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE) + RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE) ) { /* * setup op as pub/priv key @@ -1023,7 +1023,7 @@ static int openssl_set_asym_session_parameters( */ asym_session->u.dh.key_op |= (1 << - RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE); + RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE); } } asym_session->u.dh.dh_key = dh; diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 66ffb29743..2b427afa3f 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -33,6 +33,10 @@ struct rte_cryptodev_asym_session; extern const char * rte_crypto_asym_xform_strings[]; +/** asym key exchange operation type name strings */ +extern const char * +rte_crypto_asym_ke_strings[]; + /** asym operations type name strings */ extern const char * rte_crypto_asym_op_strings[]; 
@@ -124,16 +128,22 @@ enum rte_crypto_asym_op_type { /**< Signature Generation operation */ RTE_CRYPTO_ASYM_OP_VERIFY, /**< Signature Verification operation */ - RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE, - /**< DH Private Key generation operation */ - RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE, - /**< DH Public Key generation operation */ - RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE, - /**< DH Shared Secret compute operation */ RTE_CRYPTO_ASYM_OP_LIST_END }; /** + * Asymmetric crypto key exchange operation type + */ +enum rte_crypto_asym_ke_type { + RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE, + /**< Private Key generation operation */ + RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, + /**< Public Key generation operation */ + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE + /**< Shared Secret compute operation */ +}; + +/** * Padding types for RSA signature. */ enum rte_crypto_rsa_padding_type { @@ -238,7 +248,7 @@ struct rte_crypto_modinv_xform { * */ struct rte_crypto_dh_xform { - enum rte_crypto_asym_op_type type; + enum rte_crypto_asym_ke_type type; /**< Setup xform for key generate or shared secret compute */ rte_crypto_uint p; /**< Prime modulus data */ 
@@ -375,26 +385,27 @@ struct rte_crypto_rsa_op_param { struct rte_crypto_dh_op_param { rte_crypto_uint pub_key; /**< - * Output generated public key when xform type is - * DH PUB_KEY_GENERATION. - * Input peer public key when xform type is DH - * SHARED_SECRET_COMPUTATION + * Output - generated public key, when xform type is + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE. * + * Input - peer's public key, when xform type is + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. */ rte_crypto_uint priv_key; /**< - * Output generated private key if xform type is - * DH PRIVATE_KEY_GENERATION - * Input when xform type is DH SHARED_SECRET_COMPUTATION. + * Output - generated private key, when xform type is + * RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE. * + * Input - private key, when xform type is one of: + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. */ rte_crypto_uint shared_secret; /**< - * Output with calculated shared secret - * when dh xform set up with op type = SHARED_SECRET_COMPUTATION. - * + * Output - calculated shared secret when xform type is + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. */ }; diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index 691625bd04..af58f49d07 100644 --- a/lib/cryptodev/rte_cryptodev.c +++ b/lib/cryptodev/rte_cryptodev.c 
@@ -176,10 +176,16 @@ const char *rte_crypto_asym_op_strings[] = { [RTE_CRYPTO_ASYM_OP_ENCRYPT] = "encrypt", [RTE_CRYPTO_ASYM_OP_DECRYPT] = "decrypt", [RTE_CRYPTO_ASYM_OP_SIGN] = "sign", - [RTE_CRYPTO_ASYM_OP_VERIFY] = "verify", - [RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE] = "priv_key_generate", - [RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE] = "pub_key_generate", - [RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE] = "sharedsecret_compute", + [RTE_CRYPTO_ASYM_OP_VERIFY] = "verify" +}; + +/** + * Asymmetric crypto key exchange operation strings identifiers. + */ +const char *rte_crypto_asym_ke_strings[] = { + [RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE] = "priv_key_generate", + [RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE] = "pub_key_generate", + [RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute" }; /**
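Review bot: In the test_dh_gen_shared_sec() hunk of app/test/test_cryptodev_asym.c, the context comment directly above the changed line still reads "Setup a xform and op to generate private key only" although the type being set is RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. The line is being touched anyway, so the comment should be corrected to say it sets up a shared secret computation.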
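Review bot: In the openssl_pmd_capabilities hunk of rte_openssl_pmd_ops.c, the DH entry keeps the field name .op_types but now fills it with bits taken from rte_crypto_asym_ke_type, whose values restart at 0. The three DH bits therefore move from their old positions after RTE_CRYPTO_ASYM_OP_VERIFY down to bits 0 to 2, the same positions other xforms use for rte_crypto_asym_op_type values. Any caller that tests this mask with an asym op type will silently read the wrong capability, so the capability field documentation should state that for DH the mask is indexed by the key exchange type, and existing users of the mask should be checked. The expression also mixes "(1<<" and "(1 << " and nests the last two terms in one parenthesis; one shift per parenthesis would read better.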
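Review bot: In the openssl_set_asym_session_parameters() hunk, the context line "asym_session->u.dh.key_op = (1 << xform->dh.type);" shifts by an application-supplied value with no range check. Now that the field has its own three-value enum, it is cheap to reject anything above RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE before the shift and return an error, so that an out-of-range type cannot produce an undefined shift or a key_op mask that matches none of the branches in process_openssl_dh_op().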
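Review bot: In the enum hunk of lib/cryptodev/rte_crypto_asym.h, removing the three DH entries from enum rte_crypto_asym_op_type changes the value of RTE_CRYPTO_ASYM_OP_LIST_END and removes names that applications compile against, but the diffstat shows no release note or deprecation entry among the five files. Please document the API change alongside the code. The new enum rte_crypto_asym_ke_type also has no end marker, unlike the enum it was split from, which leaves nothing to bound an index against.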
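Review bot: In the rte_cryptodev.c hunk, rte_crypto_asym_ke_strings[] is a new exported table with no size or terminating entry, so code that indexes it with dh.type has no way to validate the index first. Consider exposing the element count or an accessor that checks the range. The diffstat also lists no change to the library's export map; if the existing string tables are listed there, the new symbol needs an entry as well.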
- Separated key exchange enum from asym op type.
Key exchange and asymmetric crypto operations like signatures,
encryption/decryption should not share the same operation enum as
their use cases are unrelated and mutually exclusive.
Therefore op_type was separated into:
1) operation type
2) key exchange operation type

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>

---
 app/test/test_cryptodev_asym.c | 11 +++----
 drivers/crypto/openssl/rte_openssl_pmd.c | 10 +++----
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 12 ++++----
 lib/cryptodev/rte_crypto_asym.h | 45 +++++++++++++++++-----------
 lib/cryptodev/rte_cryptodev.c | 14 ++++++---
 5 files changed, 55 insertions(+), 37 deletions(-)