[v3,2/4] cryptodev: add ec points to sm2 op
Checks
Commit Message
In the case when PMD cannot support the full process of the SM2,
but elliptic curve computation only, additional fields
are needed to handle such a case.
Points C1, kP therefore were added to the SM2 crypto operation struct.
Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
lib/cryptodev/rte_crypto_asym.h | 119 ++++++++++++++++++++++++----------------
1 file changed, 71 insertions(+), 48 deletions(-)
Comments
> /**
> - * Asymmetric crypto transform data
> - *
> - * Structure describing asym xforms.
> - */
> -struct rte_crypto_asym_xform {
> - struct rte_crypto_asym_xform *next;
> - /**< Pointer to next xform to set up xform chain.*/
> - enum rte_crypto_asym_xform_type xform_type;
> - /**< Asymmetric crypto transform */
> -
> - union {
> - struct rte_crypto_rsa_xform rsa;
> - /**< RSA xform parameters */
> -
> - struct rte_crypto_modex_xform modex;
> - /**< Modular Exponentiation xform parameters */
> -
> - struct rte_crypto_modinv_xform modinv;
> - /**< Modular Multiplicative Inverse xform parameters */
> -
> - struct rte_crypto_dh_xform dh;
> - /**< DH xform parameters */
> -
> - struct rte_crypto_dsa_xform dsa;
> - /**< DSA xform parameters */
> -
> - struct rte_crypto_ec_xform ec;
> - /**< EC xform parameters, used by elliptic curve based
> - * operations.
> - */
> - };
> -};
> -
Above change seems redundant.
It was commented on v2 as well.
> -/**
> * SM2 operation params.
> */
> struct rte_crypto_sm2_op_param {
> @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
> * will be overwritten by the PMD with the decrypted length.
> */
>
> - rte_crypto_param cipher;
> - /**<
> - * Pointer to input data
> - * - to be decrypted for SM2 private decrypt.
> - *
> - * Pointer to output data
> - * - for SM2 public encrypt.
> - * In this case the underlying array should have been allocated
> - * with enough memory to hold ciphertext output (at least X bytes
> - * for prime field curve of N bytes and for message M bytes,
> - * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> - * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> - * be overwritten by the PMD with the encrypted length.
> - */
> + union {
> + rte_crypto_param cipher;
> + /**<
> + * Pointer to input data
> + * - to be decrypted for SM2 private decrypt.
> + *
> + * Pointer to output data
> + * - for SM2 public encrypt.
> + * In this case the underlying array should have been allocated
> + * with enough memory to hold ciphertext output (at least X
> bytes
> + * for prime field curve of N bytes and for message M bytes,
> + * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> as
> + * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> + * be overwritten by the PMD with the encrypted length.
> + */
> + struct {
> + struct rte_crypto_ec_point C1;
> + /**<
> + * This field is used only when PMD does not support the
> full
> + * process of the SM2 encryption/decryption, but the
> elliptic
> + * curve part only.
> + *
> + * In the case of encryption, it is an output - point C1 =
> (x1,y1).
> + * In the case of decryption, if is an input - point C1 =
> (x1,y1)
> + *
> + */
> + struct rte_crypto_ec_point kP;
> + /**<
> + * This field is used only when PMD does not support the
> full
> + * process of the SM2 encryption/decryption, but the
> elliptic
> + * curve part only.
> + *
> + * It is an output in the encryption case, it is a point
> + * [k]P = (x2,y2)
> + */
> + };
> + };
You may add a reference to the newly added feature flag here.
>
> rte_crypto_uint id;
> /**< The SM2 id used by signer and verifier. */
> @@ -698,6 +687,40 @@ struct rte_crypto_sm2_op_param {
> };
>
> /**
> + * Asymmetric crypto transform data
> + *
> + * Structure describing asym xforms.
> + */
> +struct rte_crypto_asym_xform {
> + struct rte_crypto_asym_xform *next;
> + /**< Pointer to next xform to set up xform chain.*/
> + enum rte_crypto_asym_xform_type xform_type;
> + /**< Asymmetric crypto transform */
> +
> + union {
> + struct rte_crypto_rsa_xform rsa;
> + /**< RSA xform parameters */
> +
> + struct rte_crypto_modex_xform modex;
> + /**< Modular Exponentiation xform parameters */
> +
> + struct rte_crypto_modinv_xform modinv;
> + /**< Modular Multiplicative Inverse xform parameters */
> +
> + struct rte_crypto_dh_xform dh;
> + /**< DH xform parameters */
> +
> + struct rte_crypto_dsa_xform dsa;
> + /**< DSA xform parameters */
> +
> + struct rte_crypto_ec_xform ec;
> + /**< EC xform parameters, used by elliptic curve based
> + * operations.
> + */
> + };
> +};
> +
> +/**
> * Asymmetric Cryptographic Operation.
> *
> * Structure describing asymmetric crypto operation params.
> --
> 2.13.6
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, October 8, 2024 1:28 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Dooley, Brian <brian.dooley@intel.com>
> Subject: RE: [EXTERNAL] [PATCH v3 2/4] cryptodev: add ec points to sm2 op
>
> > /**
> > - * Asymmetric crypto transform data
> > - *
> > - * Structure describing asym xforms.
> > - */
> > -struct rte_crypto_asym_xform {
> > - struct rte_crypto_asym_xform *next;
> > - /**< Pointer to next xform to set up xform chain.*/
> > - enum rte_crypto_asym_xform_type xform_type;
> > - /**< Asymmetric crypto transform */
> > -
> > - union {
> > - struct rte_crypto_rsa_xform rsa;
> > - /**< RSA xform parameters */
> > -
> > - struct rte_crypto_modex_xform modex;
> > - /**< Modular Exponentiation xform parameters */
> > -
> > - struct rte_crypto_modinv_xform modinv;
> > - /**< Modular Multiplicative Inverse xform parameters */
> > -
> > - struct rte_crypto_dh_xform dh;
> > - /**< DH xform parameters */
> > -
> > - struct rte_crypto_dsa_xform dsa;
> > - /**< DSA xform parameters */
> > -
> > - struct rte_crypto_ec_xform ec;
> > - /**< EC xform parameters, used by elliptic curve based
> > - * operations.
> > - */
> > - };
> > -};
> > -
> Above change seems redundant.
> It was commented on v2 as well.
My apologies, I have missed it.
The reason for this change was to keep a little bit better order in this file.
So previously we have had:
-defines
-enums
-algorithms xfroms
-algorithms ops
-asym xform
-asym op
now we got:
-defines
-enums
-algorithms xfroms
-algorithms ops
-asym xform
-------------SM2 OP
-asym op
I know it is not a game changer, but helps to keep a better order in this file.
If this is problematic then I can revert it.
>
>
> > -/**
> > * SM2 operation params.
> > */
> > struct rte_crypto_sm2_op_param {
> > @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
> > * will be overwritten by the PMD with the decrypted length.
> > */
> >
> > - rte_crypto_param cipher;
> > - /**<
> > - * Pointer to input data
> > - * - to be decrypted for SM2 private decrypt.
> > - *
> > - * Pointer to output data
> > - * - for SM2 public encrypt.
> > - * In this case the underlying array should have been allocated
> > - * with enough memory to hold ciphertext output (at least X bytes
> > - * for prime field curve of N bytes and for message M bytes,
> > - * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> > - * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > - * be overwritten by the PMD with the encrypted length.
> > - */
> > + union {
> > + rte_crypto_param cipher;
> > + /**<
> > + * Pointer to input data
> > + * - to be decrypted for SM2 private decrypt.
> > + *
> > + * Pointer to output data
> > + * - for SM2 public encrypt.
> > + * In this case the underlying array should have been allocated
> > + * with enough memory to hold ciphertext output (at least X
> > bytes
> > + * for prime field curve of N bytes and for message M bytes,
> > + * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> > as
> > + * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > + * be overwritten by the PMD with the encrypted length.
> > + */
> > + struct {
> > + struct rte_crypto_ec_point C1;
> > + /**<
> > + * This field is used only when PMD does not support
> the
> > full
> > + * process of the SM2 encryption/decryption, but the
> > elliptic
> > + * curve part only.
> > + *
> > + * In the case of encryption, it is an output - point C1 =
> > (x1,y1).
> > + * In the case of decryption, if is an input - point C1 =
> > (x1,y1)
> > + *
> > + */
> > + struct rte_crypto_ec_point kP;
> > + /**<
> > + * This field is used only when PMD does not support
> the
> > full
> > + * process of the SM2 encryption/decryption, but the
> > elliptic
> > + * curve part only.
> > + *
> > + * It is an output in the encryption case, it is a point
> > + * [k]P = (x2,y2)
> > + */
> > + };
> > + };
> You may add a reference to the newly added feature flag here.
+1
>
>
> >
> > rte_crypto_uint id;
> > /**< The SM2 id used by signer and verifier. */ @@ -698,6 +687,40 @@
> > struct rte_crypto_sm2_op_param { };
> >
> > /**
> > + * Asymmetric crypto transform data
> > + *
> > + * Structure describing asym xforms.
> > + */
> > +struct rte_crypto_asym_xform {
> > + struct rte_crypto_asym_xform *next;
> > + /**< Pointer to next xform to set up xform chain.*/
> > + enum rte_crypto_asym_xform_type xform_type;
> > + /**< Asymmetric crypto transform */
> > +
> > + union {
> > + struct rte_crypto_rsa_xform rsa;
> > + /**< RSA xform parameters */
> > +
> > + struct rte_crypto_modex_xform modex;
> > + /**< Modular Exponentiation xform parameters */
> > +
> > + struct rte_crypto_modinv_xform modinv;
> > + /**< Modular Multiplicative Inverse xform parameters */
> > +
> > + struct rte_crypto_dh_xform dh;
> > + /**< DH xform parameters */
> > +
> > + struct rte_crypto_dsa_xform dsa;
> > + /**< DSA xform parameters */
> > +
> > + struct rte_crypto_ec_xform ec;
> > + /**< EC xform parameters, used by elliptic curve based
> > + * operations.
> > + */
> > + };
> > +};
> > +
> > +/**
> > * Asymmetric Cryptographic Operation.
> > *
> > * Structure describing asymmetric crypto operation params.
> > --
> > 2.13.6
>
> > -----Original Message-----
> > From: Akhil Goyal <gakhil@marvell.com>
> > Sent: Tuesday, October 8, 2024 1:28 PM
> > To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> > Cc: Dooley, Brian <brian.dooley@intel.com>
> > Subject: RE: [EXTERNAL] [PATCH v3 2/4] cryptodev: add ec points to sm2 op
> >
> > > /**
> > > - * Asymmetric crypto transform data
> > > - *
> > > - * Structure describing asym xforms.
> > > - */
> > > -struct rte_crypto_asym_xform {
> > > - struct rte_crypto_asym_xform *next;
> > > - /**< Pointer to next xform to set up xform chain.*/
> > > - enum rte_crypto_asym_xform_type xform_type;
> > > - /**< Asymmetric crypto transform */
> > > -
> > > - union {
> > > - struct rte_crypto_rsa_xform rsa;
> > > - /**< RSA xform parameters */
> > > -
> > > - struct rte_crypto_modex_xform modex;
> > > - /**< Modular Exponentiation xform parameters */
> > > -
> > > - struct rte_crypto_modinv_xform modinv;
> > > - /**< Modular Multiplicative Inverse xform parameters */
> > > -
> > > - struct rte_crypto_dh_xform dh;
> > > - /**< DH xform parameters */
> > > -
> > > - struct rte_crypto_dsa_xform dsa;
> > > - /**< DSA xform parameters */
> > > -
> > > - struct rte_crypto_ec_xform ec;
> > > - /**< EC xform parameters, used by elliptic curve based
> > > - * operations.
> > > - */
> > > - };
> > > -};
> > > -
> > Above change seems redundant.
> > It was commented on v2 as well.
>
> My apologies, I have missed it.
>
> The reason for this change was to keep a little bit better order in this file.
>
> So previously we have had:
> -defines
> -enums
> -algorithms xfroms
> -algorithms ops
> -asym xform
> -asym op
>
> now we got:
> -defines
> -enums
> -algorithms xfroms
> -algorithms ops
> -asym xform
> -------------SM2 OP
> -asym op
>
> I know it is not a game changer, but helps to keep a better order in this file.
> If this is problematic then I can revert it.
Got your intention, but this should not be part of this patch.
It can be separate patch.
>
> >
> >
> > > -/**
> > > * SM2 operation params.
> > > */
> > > struct rte_crypto_sm2_op_param {
> > > @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
> > > * will be overwritten by the PMD with the decrypted length.
> > > */
> > >
> > > - rte_crypto_param cipher;
> > > - /**<
> > > - * Pointer to input data
> > > - * - to be decrypted for SM2 private decrypt.
> > > - *
> > > - * Pointer to output data
> > > - * - for SM2 public encrypt.
> > > - * In this case the underlying array should have been allocated
> > > - * with enough memory to hold ciphertext output (at least X bytes
> > > - * for prime field curve of N bytes and for message M bytes,
> > > - * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> > > - * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > > - * be overwritten by the PMD with the encrypted length.
> > > - */
> > > + union {
> > > + rte_crypto_param cipher;
> > > + /**<
> > > + * Pointer to input data
> > > + * - to be decrypted for SM2 private decrypt.
> > > + *
> > > + * Pointer to output data
> > > + * - for SM2 public encrypt.
> > > + * In this case the underlying array should have been allocated
> > > + * with enough memory to hold ciphertext output (at least X
> > > bytes
> > > + * for prime field curve of N bytes and for message M bytes,
> > > + * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> > > as
> > > + * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > > + * be overwritten by the PMD with the encrypted length.
> > > + */
> > > + struct {
> > > + struct rte_crypto_ec_point C1;
> > > + /**<
> > > + * This field is used only when PMD does not support
> > the
> > > full
> > > + * process of the SM2 encryption/decryption, but the
> > > elliptic
> > > + * curve part only.
> > > + *
> > > + * In the case of encryption, it is an output - point C1 =
> > > (x1,y1).
> > > + * In the case of decryption, if is an input - point C1 =
> > > (x1,y1)
> > > + *
> > > + */
> > > + struct rte_crypto_ec_point kP;
> > > + /**<
> > > + * This field is used only when PMD does not support
> > the
> > > full
> > > + * process of the SM2 encryption/decryption, but the
> > > elliptic
> > > + * curve part only.
> > > + *
> > > + * It is an output in the encryption case, it is a point
> > > + * [k]P = (x2,y2)
> > > + */
> > > + };
> > > + };
> > You may add a reference to the newly added feature flag here.
> +1
> >
> >
> > >
> > > rte_crypto_uint id;
> > > /**< The SM2 id used by signer and verifier. */ @@ -698,6 +687,40 @@
> > > struct rte_crypto_sm2_op_param { };
> > >
> > > /**
> > > + * Asymmetric crypto transform data
> > > + *
> > > + * Structure describing asym xforms.
> > > + */
> > > +struct rte_crypto_asym_xform {
> > > + struct rte_crypto_asym_xform *next;
> > > + /**< Pointer to next xform to set up xform chain.*/
> > > + enum rte_crypto_asym_xform_type xform_type;
> > > + /**< Asymmetric crypto transform */
> > > +
> > > + union {
> > > + struct rte_crypto_rsa_xform rsa;
> > > + /**< RSA xform parameters */
> > > +
> > > + struct rte_crypto_modex_xform modex;
> > > + /**< Modular Exponentiation xform parameters */
> > > +
> > > + struct rte_crypto_modinv_xform modinv;
> > > + /**< Modular Multiplicative Inverse xform parameters */
> > > +
> > > + struct rte_crypto_dh_xform dh;
> > > + /**< DH xform parameters */
> > > +
> > > + struct rte_crypto_dsa_xform dsa;
> > > + /**< DSA xform parameters */
> > > +
> > > + struct rte_crypto_ec_xform ec;
> > > + /**< EC xform parameters, used by elliptic curve based
> > > + * operations.
> > > + */
> > > + };
> > > +};
> > > +
> > > +/**
> > > * Asymmetric Cryptographic Operation.
> > > *
> > > * Structure describing asymmetric crypto operation params.
> > > --
> > > 2.13.6
@@ -600,40 +600,6 @@ struct rte_crypto_ecpm_op_param {
};
/**
- * Asymmetric crypto transform data
- *
- * Structure describing asym xforms.
- */
-struct rte_crypto_asym_xform {
- struct rte_crypto_asym_xform *next;
- /**< Pointer to next xform to set up xform chain.*/
- enum rte_crypto_asym_xform_type xform_type;
- /**< Asymmetric crypto transform */
-
- union {
- struct rte_crypto_rsa_xform rsa;
- /**< RSA xform parameters */
-
- struct rte_crypto_modex_xform modex;
- /**< Modular Exponentiation xform parameters */
-
- struct rte_crypto_modinv_xform modinv;
- /**< Modular Multiplicative Inverse xform parameters */
-
- struct rte_crypto_dh_xform dh;
- /**< DH xform parameters */
-
- struct rte_crypto_dsa_xform dsa;
- /**< DSA xform parameters */
-
- struct rte_crypto_ec_xform ec;
- /**< EC xform parameters, used by elliptic curve based
- * operations.
- */
- };
-};
-
-/**
* SM2 operation params.
*/
struct rte_crypto_sm2_op_param {
@@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
* will be overwritten by the PMD with the decrypted length.
*/
- rte_crypto_param cipher;
- /**<
- * Pointer to input data
- * - to be decrypted for SM2 private decrypt.
- *
- * Pointer to output data
- * - for SM2 public encrypt.
- * In this case the underlying array should have been allocated
- * with enough memory to hold ciphertext output (at least X bytes
- * for prime field curve of N bytes and for message M bytes,
- * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
- * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
- * be overwritten by the PMD with the encrypted length.
- */
+ union {
+ rte_crypto_param cipher;
+ /**<
+ * Pointer to input data
+ * - to be decrypted for SM2 private decrypt.
+ *
+ * Pointer to output data
+ * - for SM2 public encrypt.
+ * In this case the underlying array should have been allocated
+ * with enough memory to hold ciphertext output (at least X bytes
+ * for prime field curve of N bytes and for message M bytes,
+ * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
+ * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
+ * be overwritten by the PMD with the encrypted length.
+ */
+ struct {
+ struct rte_crypto_ec_point C1;
+ /**<
+ * This field is used only when PMD does not support the full
+ * process of the SM2 encryption/decryption, but the elliptic
+ * curve part only.
+ *
+ * In the case of encryption, it is an output - point C1 = (x1,y1).
+ * In the case of decryption, if is an input - point C1 = (x1,y1)
+ *
+ */
+ struct rte_crypto_ec_point kP;
+ /**<
+ * This field is used only when PMD does not support the full
+ * process of the SM2 encryption/decryption, but the elliptic
+ * curve part only.
+ *
+ * It is an output in the encryption case, it is a point
+ * [k]P = (x2,y2)
+ */
+ };
+ };
rte_crypto_uint id;
/**< The SM2 id used by signer and verifier. */
@@ -698,6 +687,40 @@ struct rte_crypto_sm2_op_param {
};
/**
+ * Asymmetric crypto transform data
+ *
+ * Structure describing asym xforms.
+ */
+struct rte_crypto_asym_xform {
+ struct rte_crypto_asym_xform *next;
+ /**< Pointer to next xform to set up xform chain.*/
+ enum rte_crypto_asym_xform_type xform_type;
+ /**< Asymmetric crypto transform */
+
+ union {
+ struct rte_crypto_rsa_xform rsa;
+ /**< RSA xform parameters */
+
+ struct rte_crypto_modex_xform modex;
+ /**< Modular Exponentiation xform parameters */
+
+ struct rte_crypto_modinv_xform modinv;
+ /**< Modular Multiplicative Inverse xform parameters */
+
+ struct rte_crypto_dh_xform dh;
+ /**< DH xform parameters */
+
+ struct rte_crypto_dsa_xform dsa;
+ /**< DSA xform parameters */
+
+ struct rte_crypto_ec_xform ec;
+ /**< EC xform parameters, used by elliptic curve based
+ * operations.
+ */
+ };
+};
+
+/**
* Asymmetric Cryptographic Operation.
*
* Structure describing asymmetric crypto operation params.