[v2] cryptodev: add ec points to sm2 op
Checks
Commit Message
In the case when PMD cannot support the full process of the SM2,
but elliptic curve computation only, additional fields
are needed to handle such a case.
Points C1, kP therefore were added to the SM2 crypto operation struct.
Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
lib/cryptodev/rte_crypto_asym.h | 119 ++++++++++++++++++++++++----------------
1 file changed, 71 insertions(+), 48 deletions(-)
Comments
> In the case when PMD cannot support the full process of the SM2,
> but elliptic curve computation only, additional fields
> are needed to handle such a case.
>
> Points C1, kP therefore were added to the SM2 crypto operation struct.
>
> Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> ---
> lib/cryptodev/rte_crypto_asym.h | 119 ++++++++++++++++++++++++-------------
> ---
> 1 file changed, 71 insertions(+), 48 deletions(-)
>
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 39d3da3952..f59759062f 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -600,40 +600,6 @@ struct rte_crypto_ecpm_op_param {
> };
>
> /**
> - * Asymmetric crypto transform data
> - *
> - * Structure describing asym xforms.
> - */
> -struct rte_crypto_asym_xform {
> - struct rte_crypto_asym_xform *next;
> - /**< Pointer to next xform to set up xform chain.*/
> - enum rte_crypto_asym_xform_type xform_type;
> - /**< Asymmetric crypto transform */
> -
> - union {
> - struct rte_crypto_rsa_xform rsa;
> - /**< RSA xform parameters */
> -
> - struct rte_crypto_modex_xform modex;
> - /**< Modular Exponentiation xform parameters */
> -
> - struct rte_crypto_modinv_xform modinv;
> - /**< Modular Multiplicative Inverse xform parameters */
> -
> - struct rte_crypto_dh_xform dh;
> - /**< DH xform parameters */
> -
> - struct rte_crypto_dsa_xform dsa;
> - /**< DSA xform parameters */
> -
> - struct rte_crypto_ec_xform ec;
> - /**< EC xform parameters, used by elliptic curve based
> - * operations.
> - */
> - };
> -};
Above change seems unnecessary.
> -
> -/**
> * SM2 operation params.
> */
> struct rte_crypto_sm2_op_param {
> @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
> * will be overwritten by the PMD with the decrypted length.
> */
>
> - rte_crypto_param cipher;
> - /**<
> - * Pointer to input data
> - * - to be decrypted for SM2 private decrypt.
> - *
> - * Pointer to output data
> - * - for SM2 public encrypt.
> - * In this case the underlying array should have been allocated
> - * with enough memory to hold ciphertext output (at least X bytes
> - * for prime field curve of N bytes and for message M bytes,
> - * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> - * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> - * be overwritten by the PMD with the encrypted length.
> - */
> + union {
> + rte_crypto_param cipher;
> + /**<
> + * Pointer to input data
> + * - to be decrypted for SM2 private decrypt.
> + *
> + * Pointer to output data
> + * - for SM2 public encrypt.
> + * In this case the underlying array should have been allocated
> + * with enough memory to hold ciphertext output (at least X
> bytes
> + * for prime field curve of N bytes and for message M bytes,
> + * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> as
> + * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> + * be overwritten by the PMD with the encrypted length.
> + */
> + struct {
> + struct rte_crypto_ec_point C1;
> + /**<
> + * This field is used only when PMD does not support the
> full
> + * process of the SM2 encryption/decryption, but the
> elliptic
> + * curve part only.
> + *
> + * In the case of encryption, it is an output - point C1 =
> (x1,y1).
> + * In the case of decryption, if is an input - point C1 =
> (x1,y1)
> + *
> + */
> + struct rte_crypto_ec_point kP;
> + /**<
> + * This field is used only when PMD does not support the
> full
> + * process of the SM2 encryption/decryption, but the
> elliptic
> + * curve part only.
> + *
> + * It is an output in the encryption case, it is a point
> + * [k]P = (x2,y2)
> + */
> + };
> + };
>
> rte_crypto_uint id;
> /**< The SM2 id used by signer and verifier. */
> @@ -698,6 +687,40 @@ struct rte_crypto_sm2_op_param {
> };
>
> /**
> + * Asymmetric crypto transform data
> + *
> + * Structure describing asym xforms.
> + */
> +struct rte_crypto_asym_xform {
> + struct rte_crypto_asym_xform *next;
> + /**< Pointer to next xform to set up xform chain.*/
> + enum rte_crypto_asym_xform_type xform_type;
> + /**< Asymmetric crypto transform */
> +
> + union {
> + struct rte_crypto_rsa_xform rsa;
> + /**< RSA xform parameters */
> +
> + struct rte_crypto_modex_xform modex;
> + /**< Modular Exponentiation xform parameters */
> +
> + struct rte_crypto_modinv_xform modinv;
> + /**< Modular Multiplicative Inverse xform parameters */
> +
> + struct rte_crypto_dh_xform dh;
> + /**< DH xform parameters */
> +
> + struct rte_crypto_dsa_xform dsa;
> + /**< DSA xform parameters */
> +
> + struct rte_crypto_ec_xform ec;
> + /**< EC xform parameters, used by elliptic curve based
> + * operations.
> + */
> + };
> +};
> +
> +/**
> * Asymmetric Cryptographic Operation.
> *
> * Structure describing asymmetric crypto operation params.
> --
> 2.13.6
> In the case when PMD cannot support the full process of the SM2,
> but elliptic curve computation only, additional fields
> are needed to handle such a case.
>
> Points C1, kP therefore were added to the SM2 crypto operation struct.
>
> Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> ---
> lib/cryptodev/rte_crypto_asym.h | 119 ++++++++++++++++++++++++-------------
> ---
> 1 file changed, 71 insertions(+), 48 deletions(-)
>
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 39d3da3952..f59759062f 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -600,40 +600,6 @@ struct rte_crypto_ecpm_op_param {
> };
>
> /**
> - * Asymmetric crypto transform data
> - *
> - * Structure describing asym xforms.
> - */
> -struct rte_crypto_asym_xform {
> - struct rte_crypto_asym_xform *next;
> - /**< Pointer to next xform to set up xform chain.*/
> - enum rte_crypto_asym_xform_type xform_type;
> - /**< Asymmetric crypto transform */
> -
> - union {
> - struct rte_crypto_rsa_xform rsa;
> - /**< RSA xform parameters */
> -
> - struct rte_crypto_modex_xform modex;
> - /**< Modular Exponentiation xform parameters */
> -
> - struct rte_crypto_modinv_xform modinv;
> - /**< Modular Multiplicative Inverse xform parameters */
> -
> - struct rte_crypto_dh_xform dh;
> - /**< DH xform parameters */
> -
> - struct rte_crypto_dsa_xform dsa;
> - /**< DSA xform parameters */
> -
> - struct rte_crypto_ec_xform ec;
> - /**< EC xform parameters, used by elliptic curve based
> - * operations.
> - */
> - };
> -};
> -
> -/**
> * SM2 operation params.
> */
> struct rte_crypto_sm2_op_param {
> @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
> * will be overwritten by the PMD with the decrypted length.
> */
>
> - rte_crypto_param cipher;
> - /**<
> - * Pointer to input data
> - * - to be decrypted for SM2 private decrypt.
> - *
> - * Pointer to output data
> - * - for SM2 public encrypt.
> - * In this case the underlying array should have been allocated
> - * with enough memory to hold ciphertext output (at least X bytes
> - * for prime field curve of N bytes and for message M bytes,
> - * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> - * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> - * be overwritten by the PMD with the encrypted length.
> - */
> + union {
> + rte_crypto_param cipher;
> + /**<
> + * Pointer to input data
> + * - to be decrypted for SM2 private decrypt.
> + *
> + * Pointer to output data
> + * - for SM2 public encrypt.
> + * In this case the underlying array should have been allocated
> + * with enough memory to hold ciphertext output (at least X
> bytes
> + * for prime field curve of N bytes and for message M bytes,
> + * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> as
> + * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> + * be overwritten by the PMD with the encrypted length.
> + */
> + struct {
> + struct rte_crypto_ec_point C1;
> + /**<
> + * This field is used only when PMD does not support the
> full
> + * process of the SM2 encryption/decryption, but the
> elliptic
> + * curve part only.
> + *
> + * In the case of encryption, it is an output - point C1 =
> (x1,y1).
> + * In the case of decryption, if is an input - point C1 =
> (x1,y1)
> + *
> + */
> + struct rte_crypto_ec_point kP;
> + /**<
> + * This field is used only when PMD does not support the
> full
> + * process of the SM2 encryption/decryption, but the
> elliptic
> + * curve part only.
> + *
> + * It is an output in the encryption case, it is a point
> + * [k]P = (x2,y2)
> + */
> + };
> + };
>
> rte_crypto_uint id;
> /**< The SM2 id used by signer and verifier. */
> @@ -698,6 +687,40 @@ struct rte_crypto_sm2_op_param {
> };
>
How is the application supposed to know, it need to fill these parameters and PMD does not support full operation?
Can we add some capability checks?
Also send the patches for test case and PMD support.
> /**
> + * Asymmetric crypto transform data
> + *
> + * Structure describing asym xforms.
> + */
> +struct rte_crypto_asym_xform {
> + struct rte_crypto_asym_xform *next;
> + /**< Pointer to next xform to set up xform chain.*/
> + enum rte_crypto_asym_xform_type xform_type;
> + /**< Asymmetric crypto transform */
> +
> + union {
> + struct rte_crypto_rsa_xform rsa;
> + /**< RSA xform parameters */
> +
> + struct rte_crypto_modex_xform modex;
> + /**< Modular Exponentiation xform parameters */
> +
> + struct rte_crypto_modinv_xform modinv;
> + /**< Modular Multiplicative Inverse xform parameters */
> +
> + struct rte_crypto_dh_xform dh;
> + /**< DH xform parameters */
> +
> + struct rte_crypto_dsa_xform dsa;
> + /**< DSA xform parameters */
> +
> + struct rte_crypto_ec_xform ec;
> + /**< EC xform parameters, used by elliptic curve based
> + * operations.
> + */
> + };
> +};
> +
> +/**
> * Asymmetric Cryptographic Operation.
> *
> * Structure describing asymmetric crypto operation params.
> --
> 2.13.6
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, October 3, 2024 4:39 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Dooley, Brian <brian.dooley@intel.com>
> Subject: RE: [EXTERNAL] [PATCH v2] cryptodev: add ec points to sm2 op
>
> > In the case when PMD cannot support the full process of the SM2, but
> > elliptic curve computation only, additional fields are needed to
> > handle such a case.
> >
> > Points C1, kP therefore were added to the SM2 crypto operation struct.
> >
> > Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> > lib/cryptodev/rte_crypto_asym.h | 119
> > ++++++++++++++++++++++++-------------
> > ---
> > 1 file changed, 71 insertions(+), 48 deletions(-)
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index 39d3da3952..f59759062f 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -600,40 +600,6 @@ struct rte_crypto_ecpm_op_param { };
> >
> > /**
> > - * Asymmetric crypto transform data
> > - *
> > - * Structure describing asym xforms.
> > - */
> > -struct rte_crypto_asym_xform {
> > - struct rte_crypto_asym_xform *next;
> > - /**< Pointer to next xform to set up xform chain.*/
> > - enum rte_crypto_asym_xform_type xform_type;
> > - /**< Asymmetric crypto transform */
> > -
> > - union {
> > - struct rte_crypto_rsa_xform rsa;
> > - /**< RSA xform parameters */
> > -
> > - struct rte_crypto_modex_xform modex;
> > - /**< Modular Exponentiation xform parameters */
> > -
> > - struct rte_crypto_modinv_xform modinv;
> > - /**< Modular Multiplicative Inverse xform parameters */
> > -
> > - struct rte_crypto_dh_xform dh;
> > - /**< DH xform parameters */
> > -
> > - struct rte_crypto_dsa_xform dsa;
> > - /**< DSA xform parameters */
> > -
> > - struct rte_crypto_ec_xform ec;
> > - /**< EC xform parameters, used by elliptic curve based
> > - * operations.
> > - */
> > - };
> > -};
> > -
> > -/**
> > * SM2 operation params.
> > */
> > struct rte_crypto_sm2_op_param {
> > @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
> > * will be overwritten by the PMD with the decrypted length.
> > */
> >
> > - rte_crypto_param cipher;
> > - /**<
> > - * Pointer to input data
> > - * - to be decrypted for SM2 private decrypt.
> > - *
> > - * Pointer to output data
> > - * - for SM2 public encrypt.
> > - * In this case the underlying array should have been allocated
> > - * with enough memory to hold ciphertext output (at least X bytes
> > - * for prime field curve of N bytes and for message M bytes,
> > - * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> > - * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > - * be overwritten by the PMD with the encrypted length.
> > - */
> > + union {
> > + rte_crypto_param cipher;
> > + /**<
> > + * Pointer to input data
> > + * - to be decrypted for SM2 private decrypt.
> > + *
> > + * Pointer to output data
> > + * - for SM2 public encrypt.
> > + * In this case the underlying array should have been allocated
> > + * with enough memory to hold ciphertext output (at least X
> > bytes
> > + * for prime field curve of N bytes and for message M bytes,
> > + * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> > as
> > + * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > + * be overwritten by the PMD with the encrypted length.
> > + */
> > + struct {
> > + struct rte_crypto_ec_point C1;
> > + /**<
> > + * This field is used only when PMD does not support
> the
> > full
> > + * process of the SM2 encryption/decryption, but the
> > elliptic
> > + * curve part only.
> > + *
> > + * In the case of encryption, it is an output - point C1 =
> > (x1,y1).
> > + * In the case of decryption, if is an input - point C1 =
> > (x1,y1)
> > + *
> > + */
> > + struct rte_crypto_ec_point kP;
> > + /**<
> > + * This field is used only when PMD does not support
> the
> > full
> > + * process of the SM2 encryption/decryption, but the
> > elliptic
> > + * curve part only.
> > + *
> > + * It is an output in the encryption case, it is a point
> > + * [k]P = (x2,y2)
> > + */
> > + };
> > + };
> >
> > rte_crypto_uint id;
> > /**< The SM2 id used by signer and verifier. */ @@ -698,6 +687,40 @@
> > struct rte_crypto_sm2_op_param { };
> >
>
> How is the application supposed to know, it need to fill these parameters and
> PMD does not support full operation?
> Can we add some capability checks?
Initially I though it should be based on the .rst file PMD information, like with the key generation random number.
Otherwise, it could rather be a feature flag than a capability?
>
> Also send the patches for test case and PMD support.
Sure, I will send.
>
> > /**
> > + * Asymmetric crypto transform data
> > + *
> > + * Structure describing asym xforms.
> > + */
> > +struct rte_crypto_asym_xform {
> > + struct rte_crypto_asym_xform *next;
> > + /**< Pointer to next xform to set up xform chain.*/
> > + enum rte_crypto_asym_xform_type xform_type;
> > + /**< Asymmetric crypto transform */
> > +
> > + union {
> > + struct rte_crypto_rsa_xform rsa;
> > + /**< RSA xform parameters */
> > +
> > + struct rte_crypto_modex_xform modex;
> > + /**< Modular Exponentiation xform parameters */
> > +
> > + struct rte_crypto_modinv_xform modinv;
> > + /**< Modular Multiplicative Inverse xform parameters */
> > +
> > + struct rte_crypto_dh_xform dh;
> > + /**< DH xform parameters */
> > +
> > + struct rte_crypto_dsa_xform dsa;
> > + /**< DSA xform parameters */
> > +
> > + struct rte_crypto_ec_xform ec;
> > + /**< EC xform parameters, used by elliptic curve based
> > + * operations.
> > + */
> > + };
> > +};
> > +
> > +/**
> > * Asymmetric Cryptographic Operation.
> > *
> > * Structure describing asymmetric crypto operation params.
> > --
> > 2.13.6
@@ -600,40 +600,6 @@ struct rte_crypto_ecpm_op_param {
};
/**
- * Asymmetric crypto transform data
- *
- * Structure describing asym xforms.
- */
-struct rte_crypto_asym_xform {
- struct rte_crypto_asym_xform *next;
- /**< Pointer to next xform to set up xform chain.*/
- enum rte_crypto_asym_xform_type xform_type;
- /**< Asymmetric crypto transform */
-
- union {
- struct rte_crypto_rsa_xform rsa;
- /**< RSA xform parameters */
-
- struct rte_crypto_modex_xform modex;
- /**< Modular Exponentiation xform parameters */
-
- struct rte_crypto_modinv_xform modinv;
- /**< Modular Multiplicative Inverse xform parameters */
-
- struct rte_crypto_dh_xform dh;
- /**< DH xform parameters */
-
- struct rte_crypto_dsa_xform dsa;
- /**< DSA xform parameters */
-
- struct rte_crypto_ec_xform ec;
- /**< EC xform parameters, used by elliptic curve based
- * operations.
- */
- };
-};
-
-/**
* SM2 operation params.
*/
struct rte_crypto_sm2_op_param {
@@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
* will be overwritten by the PMD with the decrypted length.
*/
- rte_crypto_param cipher;
- /**<
- * Pointer to input data
- * - to be decrypted for SM2 private decrypt.
- *
- * Pointer to output data
- * - for SM2 public encrypt.
- * In this case the underlying array should have been allocated
- * with enough memory to hold ciphertext output (at least X bytes
- * for prime field curve of N bytes and for message M bytes,
- * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
- * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
- * be overwritten by the PMD with the encrypted length.
- */
+ union {
+ rte_crypto_param cipher;
+ /**<
+ * Pointer to input data
+ * - to be decrypted for SM2 private decrypt.
+ *
+ * Pointer to output data
+ * - for SM2 public encrypt.
+ * In this case the underlying array should have been allocated
+ * with enough memory to hold ciphertext output (at least X bytes
+ * for prime field curve of N bytes and for message M bytes,
+ * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
+ * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
+ * be overwritten by the PMD with the encrypted length.
+ */
+ struct {
+ struct rte_crypto_ec_point C1;
+ /**<
+ * This field is used only when PMD does not support the full
+ * process of the SM2 encryption/decryption, but the elliptic
+ * curve part only.
+ *
+ * In the case of encryption, it is an output - point C1 = (x1,y1).
+ * In the case of decryption, if is an input - point C1 = (x1,y1)
+ *
+ */
+ struct rte_crypto_ec_point kP;
+ /**<
+ * This field is used only when PMD does not support the full
+ * process of the SM2 encryption/decryption, but the elliptic
+ * curve part only.
+ *
+ * It is an output in the encryption case, it is a point
+ * [k]P = (x2,y2)
+ */
+ };
+ };
rte_crypto_uint id;
/**< The SM2 id used by signer and verifier. */
@@ -698,6 +687,40 @@ struct rte_crypto_sm2_op_param {
};
/**
+ * Asymmetric crypto transform data
+ *
+ * Structure describing asym xforms.
+ */
+struct rte_crypto_asym_xform {
+ struct rte_crypto_asym_xform *next;
+ /**< Pointer to next xform to set up xform chain.*/
+ enum rte_crypto_asym_xform_type xform_type;
+ /**< Asymmetric crypto transform */
+
+ union {
+ struct rte_crypto_rsa_xform rsa;
+ /**< RSA xform parameters */
+
+ struct rte_crypto_modex_xform modex;
+ /**< Modular Exponentiation xform parameters */
+
+ struct rte_crypto_modinv_xform modinv;
+ /**< Modular Multiplicative Inverse xform parameters */
+
+ struct rte_crypto_dh_xform dh;
+ /**< DH xform parameters */
+
+ struct rte_crypto_dsa_xform dsa;
+ /**< DSA xform parameters */
+
+ struct rte_crypto_ec_xform ec;
+ /**< EC xform parameters, used by elliptic curve based
+ * operations.
+ */
+ };
+};
+
+/**
* Asymmetric Cryptographic Operation.
*
* Structure describing asymmetric crypto operation params.