[1/3] cryptodev: add ec points to sm2 op
Checks
Commit Message
In the case when PMD cannot support full process of the SM2,
but elliptic curve computation only, additional fields
are needed to handle such a case.
Points C1, kP therefore were added to the SM2 crypto operation struct.
Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
lib/cryptodev/rte_crypto_asym.h | 119 +++++++++++++++++++-------------
1 file changed, 71 insertions(+), 48 deletions(-)
Comments
> ----------------------------------------------------------------------
> In the case when PMD cannot support full process of the SM2,
> but elliptic curve computation only, additional fields
> are needed to handle such a case.
>
Asym crypto APIs are no longer experimental.
Hence adding new fields would lead to ABI break.
> Points C1, kP therefore were added to the SM2 crypto operation struct.
>
> Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, February 1, 2024 9:08 AM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Power, Ciara <ciara.power@intel.com>
> Subject: RE: [EXT] [PATCH 1/3] cryptodev: add ec points to sm2 op
>
> > ----------------------------------------------------------------------
> > In the case when PMD cannot support full process of the SM2, but
> > elliptic curve computation only, additional fields are needed to
> > handle such a case.
> >
>
> Asym crypto APIs are no longer experimental.
> Hence adding new fields would lead to ABI break.
It seems that
`__rte_crypto_op_reset`
`rte_crypto_op_pool_create`
functions do not need versioning, and we could easily do it if needed.
But the field `flags` changes an offset, and this is actually problematic.
Which means that we cannot do this change before 24.11.
>
> > Points C1, kP therefore were added to the SM2 crypto operation struct.
> >
> > Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
@@ -599,40 +599,6 @@ struct rte_crypto_ecpm_op_param {
/**< Scalar to multiply the input point */
};
-/**
- * Asymmetric crypto transform data
- *
- * Structure describing asym xforms.
- */
-struct rte_crypto_asym_xform {
- struct rte_crypto_asym_xform *next;
- /**< Pointer to next xform to set up xform chain.*/
- enum rte_crypto_asym_xform_type xform_type;
- /**< Asymmetric crypto transform */
-
- union {
- struct rte_crypto_rsa_xform rsa;
- /**< RSA xform parameters */
-
- struct rte_crypto_modex_xform modex;
- /**< Modular Exponentiation xform parameters */
-
- struct rte_crypto_modinv_xform modinv;
- /**< Modular Multiplicative Inverse xform parameters */
-
- struct rte_crypto_dh_xform dh;
- /**< DH xform parameters */
-
- struct rte_crypto_dsa_xform dsa;
- /**< DSA xform parameters */
-
- struct rte_crypto_ec_xform ec;
- /**< EC xform parameters, used by elliptic curve based
- * operations.
- */
- };
-};
-
/**
* SM2 operation params.
*/
@@ -658,20 +624,43 @@ struct rte_crypto_sm2_op_param {
* will be overwritten by the PMD with the decrypted length.
*/
- rte_crypto_param cipher;
- /**<
- * Pointer to input data
- * - to be decrypted for SM2 private decrypt.
- *
- * Pointer to output data
- * - for SM2 public encrypt.
- * In this case the underlying array should have been allocated
- * with enough memory to hold ciphertext output (at least X bytes
- * for prime field curve of N bytes and for message M bytes,
- * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
- * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
- * be overwritten by the PMD with the encrypted length.
- */
+ union {
+ rte_crypto_param cipher;
+ /**<
+ * Pointer to input data
+ * - to be decrypted for SM2 private decrypt.
+ *
+ * Pointer to output data
+ * - for SM2 public encrypt.
+ * In this case the underlying array should have been allocated
+ * with enough memory to hold ciphertext output (at least X bytes
+ * for prime field curve of N bytes and for message M bytes,
+ * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
+ * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
+ * be overwritten by the PMD with the encrypted length.
+ */
+ struct {
+ struct rte_crypto_ec_point C1;
+ /**<
+ * This field is used only when PMD does not support full
+ * process of the SM2 encryption/decryption, but elliptic
+ * curve part only.
+ *
+ * In the case of encryption, it is an output - point C1 = (x1,y1).
+ * In the case of decryption, if is an input - point C1 = (x1,y1)
+ *
+ */
+ struct rte_crypto_ec_point kP;
+ /**<
+ * This field is used only when PMD does not support full
+ * process of the SM2 encryption/decryption, but elliptic
+ * curve part only.
+ *
+ * It is an output in the encryption case, it is a point
+ * [k]P = (x2,y2)
+ */
+ };
+ };
rte_crypto_uint id;
/**< The SM2 id used by signer and verifier. */
@@ -697,6 +686,40 @@ struct rte_crypto_sm2_op_param {
*/
};
+/**
+ * Asymmetric crypto transform data
+ *
+ * Structure describing asym xforms.
+ */
+struct rte_crypto_asym_xform {
+ struct rte_crypto_asym_xform *next;
+ /**< Pointer to next xform to set up xform chain.*/
+ enum rte_crypto_asym_xform_type xform_type;
+ /**< Asymmetric crypto transform */
+
+ union {
+ struct rte_crypto_rsa_xform rsa;
+ /**< RSA xform parameters */
+
+ struct rte_crypto_modex_xform modex;
+ /**< Modular Exponentiation xform parameters */
+
+ struct rte_crypto_modinv_xform modinv;
+ /**< Modular Multiplicative Inverse xform parameters */
+
+ struct rte_crypto_dh_xform dh;
+ /**< DH xform parameters */
+
+ struct rte_crypto_dsa_xform dsa;
+ /**< DSA xform parameters */
+
+ struct rte_crypto_ec_xform ec;
+ /**< EC xform parameters, used by elliptic curve based
+ * operations.
+ */
+ };
+};
+
/**
* Asymmetric Cryptographic Operation.
*