[v3,2/4] cryptodev: add ec points to sm2 op

Message ID 20241008062845.11071-2-arkadiuszx.kusztal@intel.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Headers
Series [v3,1/4] cryptodev: add partial sm2 feature flag |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Kusztal, ArkadiuszX Oct. 8, 2024, 6:28 a.m. UTC
In the case when PMD cannot support the full process of the SM2,
but elliptic curve computation only, additional fields
are needed to handle such a case.

Points C1, kP therefore were added to the SM2 crypto operation struct.

Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 119 ++++++++++++++++++++++++----------------
 1 file changed, 71 insertions(+), 48 deletions(-)
  

Comments

Akhil Goyal Oct. 8, 2024, 11:27 a.m. UTC | #1
>  /**
> - * Asymmetric crypto transform data
> - *
> - * Structure describing asym xforms.
> - */
> -struct rte_crypto_asym_xform {
> -	struct rte_crypto_asym_xform *next;
> -	/**< Pointer to next xform to set up xform chain.*/
> -	enum rte_crypto_asym_xform_type xform_type;
> -	/**< Asymmetric crypto transform */
> -
> -	union {
> -		struct rte_crypto_rsa_xform rsa;
> -		/**< RSA xform parameters */
> -
> -		struct rte_crypto_modex_xform modex;
> -		/**< Modular Exponentiation xform parameters */
> -
> -		struct rte_crypto_modinv_xform modinv;
> -		/**< Modular Multiplicative Inverse xform parameters */
> -
> -		struct rte_crypto_dh_xform dh;
> -		/**< DH xform parameters */
> -
> -		struct rte_crypto_dsa_xform dsa;
> -		/**< DSA xform parameters */
> -
> -		struct rte_crypto_ec_xform ec;
> -		/**< EC xform parameters, used by elliptic curve based
> -		 * operations.
> -		 */
> -	};
> -};
> -
Above change seems redundant.
It was commented on v2 as well.


> -/**
>   * SM2 operation params.
>   */
>  struct rte_crypto_sm2_op_param {
> @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
>  	 * will be overwritten by the PMD with the decrypted length.
>  	 */
> 
> -	rte_crypto_param cipher;
> -	/**<
> -	 * Pointer to input data
> -	 * - to be decrypted for SM2 private decrypt.
> -	 *
> -	 * Pointer to output data
> -	 * - for SM2 public encrypt.
> -	 * In this case the underlying array should have been allocated
> -	 * with enough memory to hold ciphertext output (at least X bytes
> -	 * for prime field curve of N bytes and for message M bytes,
> -	 * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> -	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> -	 * be overwritten by the PMD with the encrypted length.
> -	 */
> +	union {
> +		rte_crypto_param cipher;
> +		/**<
> +		 * Pointer to input data
> +		 * - to be decrypted for SM2 private decrypt.
> +		 *
> +		 * Pointer to output data
> +		 * - for SM2 public encrypt.
> +		 * In this case the underlying array should have been allocated
> +		 * with enough memory to hold ciphertext output (at least X
> bytes
> +		 * for prime field curve of N bytes and for message M bytes,
> +		 * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> as
> +		 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> +		 * be overwritten by the PMD with the encrypted length.
> +		 */
> +		struct {
> +			struct rte_crypto_ec_point C1;
> +			/**<
> +			 * This field is used only when PMD does not support the
> full
> +			 * process of the SM2 encryption/decryption, but the
> elliptic
> +			 * curve part only.
> +			 *
> +			 * In the case of encryption, it is an output - point C1 =
> (x1,y1).
> +			 * In the case of decryption, if is an input - point C1 =
> (x1,y1)
> +			 *
> +			 */
> +			struct rte_crypto_ec_point kP;
> +			/**<
> +			 * This field is used only when PMD does not support the
> full
> +			 * process of the SM2 encryption/decryption, but the
> elliptic
> +			 * curve part only.
> +			 *
> +			 * It is an output in the encryption case, it is a point
> +			 * [k]P = (x2,y2)
> +			 */
> +		};
> +	};
You may add a reference to the newly added feature flag here.


> 
>  	rte_crypto_uint id;
>  	/**< The SM2 id used by signer and verifier. */
> @@ -698,6 +687,40 @@ struct rte_crypto_sm2_op_param {
>  };
> 
>  /**
> + * Asymmetric crypto transform data
> + *
> + * Structure describing asym xforms.
> + */
> +struct rte_crypto_asym_xform {
> +	struct rte_crypto_asym_xform *next;
> +	/**< Pointer to next xform to set up xform chain.*/
> +	enum rte_crypto_asym_xform_type xform_type;
> +	/**< Asymmetric crypto transform */
> +
> +	union {
> +		struct rte_crypto_rsa_xform rsa;
> +		/**< RSA xform parameters */
> +
> +		struct rte_crypto_modex_xform modex;
> +		/**< Modular Exponentiation xform parameters */
> +
> +		struct rte_crypto_modinv_xform modinv;
> +		/**< Modular Multiplicative Inverse xform parameters */
> +
> +		struct rte_crypto_dh_xform dh;
> +		/**< DH xform parameters */
> +
> +		struct rte_crypto_dsa_xform dsa;
> +		/**< DSA xform parameters */
> +
> +		struct rte_crypto_ec_xform ec;
> +		/**< EC xform parameters, used by elliptic curve based
> +		 * operations.
> +		 */
> +	};
> +};
> +
> +/**
>   * Asymmetric Cryptographic Operation.
>   *
>   * Structure describing asymmetric crypto operation params.
> --
> 2.13.6
  
Kusztal, ArkadiuszX Oct. 8, 2024, 11:46 a.m. UTC | #2
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, October 8, 2024 1:28 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Dooley, Brian <brian.dooley@intel.com>
> Subject: RE: [EXTERNAL] [PATCH v3 2/4] cryptodev: add ec points to sm2 op
> 
> >  /**
> > - * Asymmetric crypto transform data
> > - *
> > - * Structure describing asym xforms.
> > - */
> > -struct rte_crypto_asym_xform {
> > -	struct rte_crypto_asym_xform *next;
> > -	/**< Pointer to next xform to set up xform chain.*/
> > -	enum rte_crypto_asym_xform_type xform_type;
> > -	/**< Asymmetric crypto transform */
> > -
> > -	union {
> > -		struct rte_crypto_rsa_xform rsa;
> > -		/**< RSA xform parameters */
> > -
> > -		struct rte_crypto_modex_xform modex;
> > -		/**< Modular Exponentiation xform parameters */
> > -
> > -		struct rte_crypto_modinv_xform modinv;
> > -		/**< Modular Multiplicative Inverse xform parameters */
> > -
> > -		struct rte_crypto_dh_xform dh;
> > -		/**< DH xform parameters */
> > -
> > -		struct rte_crypto_dsa_xform dsa;
> > -		/**< DSA xform parameters */
> > -
> > -		struct rte_crypto_ec_xform ec;
> > -		/**< EC xform parameters, used by elliptic curve based
> > -		 * operations.
> > -		 */
> > -	};
> > -};
> > -
> Above change seems redundant.
> It was commented on v2 as well.

My apologies, I have missed it.

The reason for this change was to keep a little bit better order in this file.

So previously we have had:
-defines
-enums
-algorithms xfroms
-algorithms ops
-asym xform
-asym op

now we got:
-defines
-enums
-algorithms xfroms
-algorithms ops
-asym xform
-------------SM2 OP
-asym op

I know it is not a game changer, but helps to keep a better order in this file.
If this is problematic then I can revert it. 

> 
> 
> > -/**
> >   * SM2 operation params.
> >   */
> >  struct rte_crypto_sm2_op_param {
> > @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
> >  	 * will be overwritten by the PMD with the decrypted length.
> >  	 */
> >
> > -	rte_crypto_param cipher;
> > -	/**<
> > -	 * Pointer to input data
> > -	 * - to be decrypted for SM2 private decrypt.
> > -	 *
> > -	 * Pointer to output data
> > -	 * - for SM2 public encrypt.
> > -	 * In this case the underlying array should have been allocated
> > -	 * with enough memory to hold ciphertext output (at least X bytes
> > -	 * for prime field curve of N bytes and for message M bytes,
> > -	 * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> > -	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > -	 * be overwritten by the PMD with the encrypted length.
> > -	 */
> > +	union {
> > +		rte_crypto_param cipher;
> > +		/**<
> > +		 * Pointer to input data
> > +		 * - to be decrypted for SM2 private decrypt.
> > +		 *
> > +		 * Pointer to output data
> > +		 * - for SM2 public encrypt.
> > +		 * In this case the underlying array should have been allocated
> > +		 * with enough memory to hold ciphertext output (at least X
> > bytes
> > +		 * for prime field curve of N bytes and for message M bytes,
> > +		 * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> > as
> > +		 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > +		 * be overwritten by the PMD with the encrypted length.
> > +		 */
> > +		struct {
> > +			struct rte_crypto_ec_point C1;
> > +			/**<
> > +			 * This field is used only when PMD does not support
> the
> > full
> > +			 * process of the SM2 encryption/decryption, but the
> > elliptic
> > +			 * curve part only.
> > +			 *
> > +			 * In the case of encryption, it is an output - point C1 =
> > (x1,y1).
> > +			 * In the case of decryption, if is an input - point C1 =
> > (x1,y1)
> > +			 *
> > +			 */
> > +			struct rte_crypto_ec_point kP;
> > +			/**<
> > +			 * This field is used only when PMD does not support
> the
> > full
> > +			 * process of the SM2 encryption/decryption, but the
> > elliptic
> > +			 * curve part only.
> > +			 *
> > +			 * It is an output in the encryption case, it is a point
> > +			 * [k]P = (x2,y2)
> > +			 */
> > +		};
> > +	};
> You may add a reference to the newly added feature flag here.
+1
> 
> 
> >
> >  	rte_crypto_uint id;
> >  	/**< The SM2 id used by signer and verifier. */ @@ -698,6 +687,40 @@
> > struct rte_crypto_sm2_op_param {  };
> >
> >  /**
> > + * Asymmetric crypto transform data
> > + *
> > + * Structure describing asym xforms.
> > + */
> > +struct rte_crypto_asym_xform {
> > +	struct rte_crypto_asym_xform *next;
> > +	/**< Pointer to next xform to set up xform chain.*/
> > +	enum rte_crypto_asym_xform_type xform_type;
> > +	/**< Asymmetric crypto transform */
> > +
> > +	union {
> > +		struct rte_crypto_rsa_xform rsa;
> > +		/**< RSA xform parameters */
> > +
> > +		struct rte_crypto_modex_xform modex;
> > +		/**< Modular Exponentiation xform parameters */
> > +
> > +		struct rte_crypto_modinv_xform modinv;
> > +		/**< Modular Multiplicative Inverse xform parameters */
> > +
> > +		struct rte_crypto_dh_xform dh;
> > +		/**< DH xform parameters */
> > +
> > +		struct rte_crypto_dsa_xform dsa;
> > +		/**< DSA xform parameters */
> > +
> > +		struct rte_crypto_ec_xform ec;
> > +		/**< EC xform parameters, used by elliptic curve based
> > +		 * operations.
> > +		 */
> > +	};
> > +};
> > +
> > +/**
> >   * Asymmetric Cryptographic Operation.
> >   *
> >   * Structure describing asymmetric crypto operation params.
> > --
> > 2.13.6
  
Akhil Goyal Oct. 8, 2024, 11:49 a.m. UTC | #3
> 
> > -----Original Message-----
> > From: Akhil Goyal <gakhil@marvell.com>
> > Sent: Tuesday, October 8, 2024 1:28 PM
> > To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> > Cc: Dooley, Brian <brian.dooley@intel.com>
> > Subject: RE: [EXTERNAL] [PATCH v3 2/4] cryptodev: add ec points to sm2 op
> >
> > >  /**
> > > - * Asymmetric crypto transform data
> > > - *
> > > - * Structure describing asym xforms.
> > > - */
> > > -struct rte_crypto_asym_xform {
> > > -	struct rte_crypto_asym_xform *next;
> > > -	/**< Pointer to next xform to set up xform chain.*/
> > > -	enum rte_crypto_asym_xform_type xform_type;
> > > -	/**< Asymmetric crypto transform */
> > > -
> > > -	union {
> > > -		struct rte_crypto_rsa_xform rsa;
> > > -		/**< RSA xform parameters */
> > > -
> > > -		struct rte_crypto_modex_xform modex;
> > > -		/**< Modular Exponentiation xform parameters */
> > > -
> > > -		struct rte_crypto_modinv_xform modinv;
> > > -		/**< Modular Multiplicative Inverse xform parameters */
> > > -
> > > -		struct rte_crypto_dh_xform dh;
> > > -		/**< DH xform parameters */
> > > -
> > > -		struct rte_crypto_dsa_xform dsa;
> > > -		/**< DSA xform parameters */
> > > -
> > > -		struct rte_crypto_ec_xform ec;
> > > -		/**< EC xform parameters, used by elliptic curve based
> > > -		 * operations.
> > > -		 */
> > > -	};
> > > -};
> > > -
> > Above change seems redundant.
> > It was commented on v2 as well.
> 
> My apologies, I have missed it.
> 
> The reason for this change was to keep a little bit better order in this file.
> 
> So previously we have had:
> -defines
> -enums
> -algorithms xfroms
> -algorithms ops
> -asym xform
> -asym op
> 
> now we got:
> -defines
> -enums
> -algorithms xfroms
> -algorithms ops
> -asym xform
> -------------SM2 OP
> -asym op
> 
> I know it is not a game changer, but helps to keep a better order in this file.
> If this is problematic then I can revert it.

Got your intention, but this should not be part of this patch.
It can be separate patch.

> 
> >
> >
> > > -/**
> > >   * SM2 operation params.
> > >   */
> > >  struct rte_crypto_sm2_op_param {
> > > @@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
> > >  	 * will be overwritten by the PMD with the decrypted length.
> > >  	 */
> > >
> > > -	rte_crypto_param cipher;
> > > -	/**<
> > > -	 * Pointer to input data
> > > -	 * - to be decrypted for SM2 private decrypt.
> > > -	 *
> > > -	 * Pointer to output data
> > > -	 * - for SM2 public encrypt.
> > > -	 * In this case the underlying array should have been allocated
> > > -	 * with enough memory to hold ciphertext output (at least X bytes
> > > -	 * for prime field curve of N bytes and for message M bytes,
> > > -	 * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> > > -	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > > -	 * be overwritten by the PMD with the encrypted length.
> > > -	 */
> > > +	union {
> > > +		rte_crypto_param cipher;
> > > +		/**<
> > > +		 * Pointer to input data
> > > +		 * - to be decrypted for SM2 private decrypt.
> > > +		 *
> > > +		 * Pointer to output data
> > > +		 * - for SM2 public encrypt.
> > > +		 * In this case the underlying array should have been allocated
> > > +		 * with enough memory to hold ciphertext output (at least X
> > > bytes
> > > +		 * for prime field curve of N bytes and for message M bytes,
> > > +		 * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> > > as
> > > +		 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > > +		 * be overwritten by the PMD with the encrypted length.
> > > +		 */
> > > +		struct {
> > > +			struct rte_crypto_ec_point C1;
> > > +			/**<
> > > +			 * This field is used only when PMD does not support
> > the
> > > full
> > > +			 * process of the SM2 encryption/decryption, but the
> > > elliptic
> > > +			 * curve part only.
> > > +			 *
> > > +			 * In the case of encryption, it is an output - point C1 =
> > > (x1,y1).
> > > +			 * In the case of decryption, if is an input - point C1 =
> > > (x1,y1)
> > > +			 *
> > > +			 */
> > > +			struct rte_crypto_ec_point kP;
> > > +			/**<
> > > +			 * This field is used only when PMD does not support
> > the
> > > full
> > > +			 * process of the SM2 encryption/decryption, but the
> > > elliptic
> > > +			 * curve part only.
> > > +			 *
> > > +			 * It is an output in the encryption case, it is a point
> > > +			 * [k]P = (x2,y2)
> > > +			 */
> > > +		};
> > > +	};
> > You may add a reference to the newly added feature flag here.
> +1
> >
> >
> > >
> > >  	rte_crypto_uint id;
> > >  	/**< The SM2 id used by signer and verifier. */ @@ -698,6 +687,40 @@
> > > struct rte_crypto_sm2_op_param {  };
> > >
> > >  /**
> > > + * Asymmetric crypto transform data
> > > + *
> > > + * Structure describing asym xforms.
> > > + */
> > > +struct rte_crypto_asym_xform {
> > > +	struct rte_crypto_asym_xform *next;
> > > +	/**< Pointer to next xform to set up xform chain.*/
> > > +	enum rte_crypto_asym_xform_type xform_type;
> > > +	/**< Asymmetric crypto transform */
> > > +
> > > +	union {
> > > +		struct rte_crypto_rsa_xform rsa;
> > > +		/**< RSA xform parameters */
> > > +
> > > +		struct rte_crypto_modex_xform modex;
> > > +		/**< Modular Exponentiation xform parameters */
> > > +
> > > +		struct rte_crypto_modinv_xform modinv;
> > > +		/**< Modular Multiplicative Inverse xform parameters */
> > > +
> > > +		struct rte_crypto_dh_xform dh;
> > > +		/**< DH xform parameters */
> > > +
> > > +		struct rte_crypto_dsa_xform dsa;
> > > +		/**< DSA xform parameters */
> > > +
> > > +		struct rte_crypto_ec_xform ec;
> > > +		/**< EC xform parameters, used by elliptic curve based
> > > +		 * operations.
> > > +		 */
> > > +	};
> > > +};
> > > +
> > > +/**
> > >   * Asymmetric Cryptographic Operation.
> > >   *
> > >   * Structure describing asymmetric crypto operation params.
> > > --
> > > 2.13.6
  

Patch

diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 39d3da3952..f59759062f 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -600,40 +600,6 @@  struct rte_crypto_ecpm_op_param {
 };
 
 /**
- * Asymmetric crypto transform data
- *
- * Structure describing asym xforms.
- */
-struct rte_crypto_asym_xform {
-	struct rte_crypto_asym_xform *next;
-	/**< Pointer to next xform to set up xform chain.*/
-	enum rte_crypto_asym_xform_type xform_type;
-	/**< Asymmetric crypto transform */
-
-	union {
-		struct rte_crypto_rsa_xform rsa;
-		/**< RSA xform parameters */
-
-		struct rte_crypto_modex_xform modex;
-		/**< Modular Exponentiation xform parameters */
-
-		struct rte_crypto_modinv_xform modinv;
-		/**< Modular Multiplicative Inverse xform parameters */
-
-		struct rte_crypto_dh_xform dh;
-		/**< DH xform parameters */
-
-		struct rte_crypto_dsa_xform dsa;
-		/**< DSA xform parameters */
-
-		struct rte_crypto_ec_xform ec;
-		/**< EC xform parameters, used by elliptic curve based
-		 * operations.
-		 */
-	};
-};
-
-/**
  * SM2 operation params.
  */
 struct rte_crypto_sm2_op_param {
@@ -658,20 +624,43 @@  struct rte_crypto_sm2_op_param {
 	 * will be overwritten by the PMD with the decrypted length.
 	 */
 
-	rte_crypto_param cipher;
-	/**<
-	 * Pointer to input data
-	 * - to be decrypted for SM2 private decrypt.
-	 *
-	 * Pointer to output data
-	 * - for SM2 public encrypt.
-	 * In this case the underlying array should have been allocated
-	 * with enough memory to hold ciphertext output (at least X bytes
-	 * for prime field curve of N bytes and for message M bytes,
-	 * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
-	 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
-	 * be overwritten by the PMD with the encrypted length.
-	 */
+	union {
+		rte_crypto_param cipher;
+		/**<
+		 * Pointer to input data
+		 * - to be decrypted for SM2 private decrypt.
+		 *
+		 * Pointer to output data
+		 * - for SM2 public encrypt.
+		 * In this case the underlying array should have been allocated
+		 * with enough memory to hold ciphertext output (at least X bytes
+		 * for prime field curve of N bytes and for message M bytes,
+		 * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
+		 * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
+		 * be overwritten by the PMD with the encrypted length.
+		 */
+		struct {
+			struct rte_crypto_ec_point C1;
+			/**<
+			 * This field is used only when PMD does not support the full
+			 * process of the SM2 encryption/decryption, but the elliptic
+			 * curve part only.
+			 *
+			 * In the case of encryption, it is an output - point C1 = (x1,y1).
+			 * In the case of decryption, if is an input - point C1 = (x1,y1)
+			 *
+			 */
+			struct rte_crypto_ec_point kP;
+			/**<
+			 * This field is used only when PMD does not support the full
+			 * process of the SM2 encryption/decryption, but the elliptic
+			 * curve part only.
+			 *
+			 * It is an output in the encryption case, it is a point
+			 * [k]P = (x2,y2)
+			 */
+		};
+	};
 
 	rte_crypto_uint id;
 	/**< The SM2 id used by signer and verifier. */
@@ -698,6 +687,40 @@  struct rte_crypto_sm2_op_param {
 };
 
 /**
+ * Asymmetric crypto transform data
+ *
+ * Structure describing asym xforms.
+ */
+struct rte_crypto_asym_xform {
+	struct rte_crypto_asym_xform *next;
+	/**< Pointer to next xform to set up xform chain.*/
+	enum rte_crypto_asym_xform_type xform_type;
+	/**< Asymmetric crypto transform */
+
+	union {
+		struct rte_crypto_rsa_xform rsa;
+		/**< RSA xform parameters */
+
+		struct rte_crypto_modex_xform modex;
+		/**< Modular Exponentiation xform parameters */
+
+		struct rte_crypto_modinv_xform modinv;
+		/**< Modular Multiplicative Inverse xform parameters */
+
+		struct rte_crypto_dh_xform dh;
+		/**< DH xform parameters */
+
+		struct rte_crypto_dsa_xform dsa;
+		/**< DSA xform parameters */
+
+		struct rte_crypto_ec_xform ec;
+		/**< EC xform parameters, used by elliptic curve based
+		 * operations.
+		 */
+	};
+};
+
+/**
  * Asymmetric Cryptographic Operation.
  *
  * Structure describing asymmetric crypto operation params.