[v4,2/4] cryptodev: add ec points to sm2 op
Commit Message
In the case when PMD cannot support the full process of the SM2,
but elliptic curve computation only, additional fields
are needed to handle such a case.
Points C1, kP therefore were added to the SM2 crypto operation struct.
Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
lib/cryptodev/rte_crypto_asym.h | 57 +++++++++++++++++++++++++++++++----------
1 file changed, 43 insertions(+), 14 deletions(-)
Comments
On Tue, 8 Oct 2024 19:14:31 +0100
Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com> wrote:
> + RTE_CRYPTO_SM2_PARTIAL,
> + /**<
> + * PMD does not support the full process of the
> + * SM2 encryption/decryption, but the elliptic
> + * curve part only
Couldn't this just be:
/**< PMD only supports elliptic curve */
Hi Stephen,
> -----Original Message-----
> From: Stephen Hemminger <stephen@networkplumber.org>
> Sent: Tuesday, October 8, 2024 10:46 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> <brian.dooley@intel.com>
> Subject: Re: [PATCH v4 2/4] cryptodev: add ec points to sm2 op
>
> On Tue, 8 Oct 2024 19:14:31 +0100
> Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com> wrote:
>
> > + RTE_CRYPTO_SM2_PARTIAL,
> > + /**<
> > + * PMD does not support the full process of the
> > + * SM2 encryption/decryption, but the elliptic
> > + * curve part only
>
> Couldn't this just be:
> /**< PMD only supports elliptic curve */
SM2 encryption involves several steps: random number generation, hashing, some trivial XORs, etc., and calculation of elliptic curve points. What I meant here is that only this EC calculation will be performed.
But when I read it now, I probably may need to add some more clarity to it.
On Tue, 8 Oct 2024 21:00:50 +0000
"Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com> wrote:
> Hi Stephen,
>
> > -----Original Message-----
> > From: Stephen Hemminger <stephen@networkplumber.org>
> > Sent: Tuesday, October 8, 2024 10:46 PM
> > To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> > Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> > <brian.dooley@intel.com>
> > Subject: Re: [PATCH v4 2/4] cryptodev: add ec points to sm2 op
> >
> > On Tue, 8 Oct 2024 19:14:31 +0100
> > Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com> wrote:
> >
> > > + RTE_CRYPTO_SM2_PARTIAL,
> > > + /**<
> > > + * PMD does not support the full process of the
> > > + * SM2 encryption/decryption, but the elliptic
> > > + * curve part only
> >
> > Couldn't this just be:
> > /**< PMD only supports elliptic curve */
>
> SM2 encryption involves several steps: random number generation, hashing, some trivial XORs, etc., and calculation of elliptic curve points. What I meant here is that only this EC calculation will be performed.
> But when I read it now, I probably may need to add some more clarity to it.
My point is what developers write tends to be overly wordy and redundant.
Comments and documentation should be as succinct as possible.
> -----Original Message-----
> From: Stephen Hemminger <stephen@networkplumber.org>
> Sent: Tuesday, October 8, 2024 11:09 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> <brian.dooley@intel.com>
> Subject: Re: [PATCH v4 2/4] cryptodev: add ec points to sm2 op
>
> On Tue, 8 Oct 2024 21:00:50 +0000
> "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com> wrote:
>
> > Hi Stephen,
> >
> > > -----Original Message-----
> > > From: Stephen Hemminger <stephen@networkplumber.org>
> > > Sent: Tuesday, October 8, 2024 10:46 PM
> > > To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> > > Cc: dev@dpdk.org; gakhil@marvell.com; Dooley, Brian
> > > <brian.dooley@intel.com>
> > > Subject: Re: [PATCH v4 2/4] cryptodev: add ec points to sm2 op
> > >
> > > On Tue, 8 Oct 2024 19:14:31 +0100
> > > Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com> wrote:
> > >
> > > > + RTE_CRYPTO_SM2_PARTIAL,
> > > > + /**<
> > > > + * PMD does not support the full process of the
> > > > + * SM2 encryption/decryption, but the elliptic
> > > > + * curve part only
> > >
> > > Couldn't this just be:
> > > /**< PMD only supports elliptic curve */
> >
> > SM2 encryption involves several steps: random number generation, hashing, some trivial XORs, etc., and calculation of elliptic curve points. What I meant here is that only this EC calculation will be performed.
> > But when I read it now, I probably may need to add some more clarity to it.
>
>
> My point is what developers write tends to be overly wordy and redundant.
> Comments and documentation should be as succinct as possible.
I agree, I will change it to be more technical/precise.
@@ -609,6 +609,12 @@ enum rte_crypto_sm2_op_capa {
/**< Prehash message before crypto op. */
RTE_CRYPTO_SM2_PKE_KDF,
/**< KDF support in SM2 public key encryption */
+ RTE_CRYPTO_SM2_PARTIAL,
+ /**<
+ * PMD does not support the full process of the
+ * SM2 encryption/decryption, but the elliptic
+ * curve part only
+ */
};
/**
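Review bot: The doc comment on RTE_CRYPTO_SM2_PARTIAL says what the PMD does not do, but not what it returns or what is left to the caller. The next hunk adds C1 and kP for exactly this capability, so name them here, for example "PMD computes only the EC points (C1 and [k]P in rte_crypto_sm2_op_param); the remaining SM2 encryption/decryption steps are done by the application". That is shorter than the five-line block and tells an application which op fields to read when this capability is set. It is also worth stating how this value relates to RTE_CRYPTO_SM2_PKE_KDF just above it: is it meaningful for a PMD to advertise both?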
@@ -636,20 +642,43 @@ struct rte_crypto_sm2_op_param {
* will be overwritten by the PMD with the decrypted length.
*/
- rte_crypto_param cipher;
- /**<
- * Pointer to input data
- * - to be decrypted for SM2 private decrypt.
- *
- * Pointer to output data
- * - for SM2 public encrypt.
- * In this case the underlying array should have been allocated
- * with enough memory to hold ciphertext output (at least X bytes
- * for prime field curve of N bytes and for message M bytes,
- * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
- * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
- * be overwritten by the PMD with the encrypted length.
- */
+ union {
+ rte_crypto_param cipher;
+ /**<
+ * Pointer to input data
+ * - to be decrypted for SM2 private decrypt.
+ *
+ * Pointer to output data
+ * - for SM2 public encrypt.
+ * In this case the underlying array should have been allocated
+ * with enough memory to hold ciphertext output (at least X bytes
+ * for prime field curve of N bytes and for message M bytes,
+ * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
+ * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
+ * be overwritten by the PMD with the encrypted length.
+ */
+ struct {
+ struct rte_crypto_ec_point C1;
+ /**<
+ * This field is used only when PMD does not support the full
+ * process of the SM2 encryption/decryption, but the elliptic
+ * curve part only.
+ *
+ * In the case of encryption, it is an output - point C1 = (x1,y1).
+ * In the case of decryption, if is an input - point C1 = (x1,y1)
+ *
+ */
+ struct rte_crypto_ec_point kP;
+ /**<
+ * This field is used only when PMD does not support the full
+ * process of the SM2 encryption/decryption, but the elliptic
+ * curve part only.
+ *
+ * It is an output in the encryption case, it is a point
+ * [k]P = (x2,y2)
+ */
+ };
+ };
rte_crypto_uint id;
/**< The SM2 id used by signer and verifier. */
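Review bot: Nothing in the new union says which member is live. `cipher` and the `{C1, kP}` struct now share storage, so a PMD or application that picks the wrong one interprets a data pointer and length as point coordinates, or the reverse. State in the union's comment that `C1` and `kP` are valid only when RTE_CRYPTO_SM2_PARTIAL is advertised and that `cipher` is used otherwise. The `kP` comment covers encryption only ("It is an output in the encryption case"); since the `C1` comment makes C1 an input on decryption, say where the point computed from it is returned in that direction. Because (x2,y2) is the value the SM2 key derivation consumes, the comment should also note that `kP` holds secret material which the application should clear once it has derived the key stream. Minor: "if is an input" in the `C1` comment should read "it is an input", and the empty " *" line before the closing " */" can be dropped.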