[dpdk-dev] [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms
Trahe, Fiona
fiona.trahe at intel.com
Thu May 25 18:00:42 CEST 2017
Hi Umesh,
> -----Original Message-----
> From: Umesh Kartha [mailto:Umesh.Kartha at caviumnetworks.com]
> Sent: Thursday, May 11, 2017 1:36 PM
> To: dev at dpdk.org
> Cc: Jerin Jacob <Jerin.JacobKollanukkaran at cavium.com>; Balasubramanian Manoharan
> <Balasubramanian.Manoharan at cavium.com>; Ram Kumar <Ram.Kumar at cavium.com>; Murthy
> Nidadavolu <Nidadavolu.Murthy at cavium.com>; Doherty, Declan <declan.doherty at intel.com>; De Lara
> Guarch, Pablo <pablo.de.lara.guarch at intel.com>; Trahe, Fiona <fiona.trahe at intel.com>
> Subject: [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms
>
> Added asymmetric xform structures, operation definitions, operation
> parameters. Added asymmetric algorithms RSA, DH, ECDH, DSA, ECDSA,
> MODEXP, FECC, MOD-INVERSE. Added curves (all curves supported by
> libcrypto as of now).
>
> Signed-off-by: Umesh Kartha <Umesh.Kartha at caviumnetworks.com>
> ---
> lib/librte_cryptodev/rte_crypto_asym.h | 1124 ++++++++++++++++++++++++++++++++
> 1 file changed, 1124 insertions(+)
> create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h
>
> diff --git lib/librte_cryptodev/rte_crypto_asym.h lib/librte_cryptodev/rte_crypto_asym.h
> new file mode 100644
> index 0000000..36a8b4f
> --- /dev/null
> +++ lib/librte_cryptodev/rte_crypto_asym.h
> @@ -0,0 +1,1124 @@
> +/*
> + * BSD LICENSE
> + *
> + * Copyright (C) Cavium networks Ltd. 2017.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + *
> + * * Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * * Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer in
> + * the documentation and/or other materials provided with the
> + * distribution.
> + * * Neither the name of Cavium Networks nor the names of its
> + * contributors may be used to endorse or promote products derived
> + * from this software without specific prior written permission.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> + */
> +
> +#ifndef _RTE_CRYPTO_ASYM_H_
> +#define _RTE_CRYPTO_ASYM_H_
> +
> +/**
> + * @file rte_crypto_asym.h
> + *
> + * RTE Definitions for Asymmetric Cryptography
> + *
> + * Defines asymmetric algorithms and modes, as well as supported
> + * asymmetric crypto operations.
> + */
> +
> +#ifdef __cplusplus
> +extern "C" {
> +#endif
> +
> +#include <string.h>
> +#include <stdint.h>
> +#include <rte_mbuf.h>
> +#include <rte_memory.h>
> +#include <rte_mempool.h>
> +#include <rte_common.h>
> +#include "rte_crypto_sym.h"
> +
> +typedef struct rte_crypto_xform_param_t {
> + uint8_t *data;
> + size_t length;
> +} rte_crypto_xform_param;
> +
> +typedef struct rte_crypto_op_param_t {
> + uint8_t *data;
> + phys_addr_t phys_addr;
> + size_t length;
> +} rte_crypto_op_param;
[Fiona] Are both above lengths in bytes ?
> +
> +/** Asymmetric crypto transformation types */
> +enum rte_crypto_asym_xform_type {
> + RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED = 0,
> + RTE_CRYPTO_ASYM_XFORM_RSA,
> + RTE_CRYPTO_ASYM_XFORM_MODEX,
> + RTE_CRYPTO_ASYM_XFORM_DH,
> + RTE_CRYPTO_ASYM_XFORM_ECDH,
> + RTE_CRYPTO_ASYM_XFORM_DSA,
> + RTE_CRYPTO_ASYM_XFORM_ECDSA,
> + RTE_CRYPTO_ASYM_XFORM_FECC,
> + RTE_CRYPTO_ASYM_XFORM_MODINV,
> + RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
> +};
> +
> +/**
> + * RSA operation type variants
> + */
> +enum rte_crypto_rsa_optype {
> + RTE_CRYPTO_RSA_OP_NOT_SPECIFIED = 1,
[Fiona] Is there a reason for not starting at 0 in all these enums?
> + /**< RSA operation unspecified */
> + RTE_CRYPTO_RSA_OP_PUBLIC_ENCRYPT,
> + /**< RSA public encrypt operation */
> + RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT,
> + /**< RSA private decrypt operation */
> + RTE_CRYPTO_RSA_OP_SIGN,
> + /**< RSA private key signature operation */
> + RTE_CRYPTO_RSA_OP_VERIFY,
> + /**< RSA public key verification operation */
> + RTE_CRYPTO_RSA_OP_LIST_END
> +};
> +
> +/**
> + * Padding types for RSA signature.
> + */
> +enum rte_crypto_rsa_padding_type {
> + RTE_CRYPTO_RSA_PADDING_NOT_SPECIFIED = 1,
> + /**< RSA no padding scheme */
> + RTE_CRYPTO_RSA_PADDING_BT1,
> + /**< RSA PKCS#1 padding BT1 scheme */
> + RTE_CRYPTO_RSA_PADDING_BT2,
> + /**< RSA PKCS#1 padding BT2 scheme */
> + RTE_CRYPTO_RSA_PADDING_OAEP,
> + /**< RSA PKCS#1 OAEP padding scheme */
> + RTE_CRYPTO_RSA_PADDING_PSS,
> + /**< RSA PKCS#1 PSS padding scheme */
> + RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
> +};
> +
> +/**
> + * Modular exponentiaion operation type variants
> + */
> +enum rte_crypto_modex_optype {
> + RTE_CRYPTO_MODEX_OP_NOT_SPECIFIED = 1,
> + /**< ModEx operation type unspecified */
> + RTE_CRYPTO_MODEX_OP_MODEX,
> + /**< Modex operation modular exponentiation */
> + RTE_CRYPTO_MODEX_OP_LIST_END
> +};
> +
> +/**
> + * Modular Inverse operation type variants
> + */
> +enum rte_crypto_modeinv_optype {
> + RTE_CRYPTO_MODINV_OP_NOT_SPECIFIED = 1,
> + /**< ModInv operation type unspecified */
> + RTE_CRYPTO_MODINV_OP_MODINV,
> + /**< ModInv operation modular Inverse */
> + RTE_CRYPTO_MODEX_OP_LIST_END
> +};
> +
> +/**
> + * DSA operation type variants
> + */
> +enum rte_crypto_dsa_optype {
> + RTE_CRYPTO_DSA_OP_NOT_SPECIFIED = 1,
> + /**< DSA operation unspecified */
> + RTE_CRYPTO_DSA_OP_SIGN,
> + /**< DSA private key signature operation */
> + RTE_CRYPTO_DSA_OP_VERIFY,
> + /**< DSA public key verification operation */
> + RTE_CRYPTO_DSA_OP_LIST_END
> +};
> +
> +
> +/**
> + * ECDSA operation type variants
> + */
> +enum rte_crypto_ecdsa_optype {
> + RTE_CRYPTO_ECDSA_OP_NOT_SPECIFIED = 1,
> + /**< ECDSA operation unspecified */
> + RTE_CRYPTO_ECDSA_OP_SIGN,
> + /**< ECDSA private key signature operation */
> + RTE_CRYPTO_ECDSA_OP_VERIFY,
> + /**< ECDSA public key verification operation */
> + RTE_CRYPTO_ECDSA_OP_LIST_END
> +};
> +
> +/**
> + * Diffie Hellman Key operation variants
> + */
> +enum rte_crypto_dh_optype {
> + RTE_CRYPTO_DH_OP_NOT_SPECIFIED = 1,
> + /**< DH operation unspecified */
> + RTE_CRYPTO_DH_OP_KEY_GENERATION,
> + /**< DH private/public key generation operation */
> + RTE_CRYPTO_DH_OP_KEY_COMPUTATION,
> + /**< DH private key computation operation */
> + RTE_CRYPTO_DH_OP_LIST_END
> +};
> +
> +/**
> + * Elliptic Curve Diffie Hellman Key operation variants
> + */
> +enum rte_crypto_ecdh_optype {
> + RTE_CRYPTO_ECDH_OP_NOT_SPECIFIED = 1,
> + /**< ECDH operation unspecified */
> + RTE_CRYPTO_ECDH_OP_KEY_GENERATION,
> + /**< ECDH private/public key generation operation */
> + RTE_CRYPTO_ECDH_OP_KEY_CHECK,
> + /**< ECDH public key validity check operation */
> + RTE_CRYPTO_ECDH_OP_KEY_COMPUTATION,
> + /**< ECDH private key computation operation */
> + RTE_CRYPTO_ECDH_OP_LIST_END
> +};
> +
> +/**
> + * Fundamental ECC operation type variants.
> + */
> +enum rte_crypto_fecc_optype {
> + RTE_CRYPTO_FECC_OP_NOT_SPECIFIED = 1,
> + /**< FECC operation type unspecified */
> + RTE_CRYPTO_FECC_OP_POINT_ADD,
> + /**< Fundamental ECC point addition operation */
> + RTE_CRYPTO_FECC_OP_POINT_DBL,
> + /**< Fundamental ECC point doubling operation */
> + RTE_CRYPTO_FECC_OP_POINT_MULTIPLY,
> + /**< Fundamental ECC point multiplication operation */
> + RTE_CRYPTO_FECC_OP_LIST_END
> +};
> +
> +/**
> + * ECC list of curves.
> + */
> +enum rte_crypto_ec_prime_curve {
> + RTE_CRYPTO_EC_CURVE_NOT_SPECIFIED = -1,
[Fiona] Why -1 ?
> + /**< Unspecified or empty curve id */
> + RTE_CRYPTO_EC_CURVE_secp112r1,
> + /**< SECG/WTLS curve over a 112 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp112r2,
> + /**< SECG curve over a 112 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp128r1,
> + /**< SECG curve over a 128 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp128r2,
> + /**< SECG curve over a 128 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp160k1,
> + /**< SECG curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp160r1,
> + /**< SECG curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp160r2,
> + /**< SECG/WTLS curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp192k1,
> + /**< SECG curve over a 192 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp224k1,
> + /**< SECG curve over a 224 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp224r1,
> + /**< NIST/SECG curve over a 224 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp256k1,
> + /**< SECG curve over a 256 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp384r1,
> + /**< NIST/SECG curve over a 384 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp521r1,
> + /**< NIST/SECG curve over a 521 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime192v1,
> + /**< NIST/X9.62/SECG curve over a 192 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime192v2,
> + /**< X9.62 curve over a 192 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime192v3,
> + /**< X9.62 curve over a 192 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime239v1,
> + /**< X9.62 curve over a 239 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime239v2,
> + /**< X9.62 curve over a 239 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime239v3,
> + /**< X9.62 curve over a 239 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime256v1,
> + /**< X9.62/SECG curve over a 256 bit prime field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls6,
> + /**< SECG/WTLS curve over a 112 bit prime field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls7,
> + /**< SECG/WTLS curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls8,
> + /**< WTLS curve over a 112 bit prime field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls9,
> + /**< WTLS curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls12,
> + /**< WTLS curve over a 224 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP160r1,
> + /**< RFC 5639 curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP160t1,
> + /**< RFC 5639 curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP192r1,
> + /**< RFC 5639 curve over a 192 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP192t1,
> + /**< RFC 5639 curve over a 192 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP224r1,
> + /**< RFC 5639 curve over a 224 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP224t1,
> + /**< RFC 5639 curve over a 224 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP256r1,
> + /**< RFC 5639 curve over a 256 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP256t1,
> + /**< RFC 5639 curve over a 256 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP320r1,
> + /**< RFC 5639 curve over a 320 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP320t1,
> + /**< RFC 5639 curve over a 320 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP384r1,
> + /**< RFC 5639 curve over a 384 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP384t1,
> + /**< RFC 5639 curve over a 384 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP512r1,
> + /**< RFC 5639 curve over a 512 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP512t1,
> + /**< RFC 5639 curve over a 512 bit prime field */
> + RTE_CRYPTO_EC_CURVE_x25519,
> + /**< Curve 25519 */
> + RTE_CRYPTO_EC_CURVE_LIST_END
> +};
> +
> +enum rte_crypto_ec_binary_curve {
> + RTE_CRYPTO_EC_CURVE_NOT_SPECIFIED = -1,
> + /**< Unspecified or empty curve id */
> + RTE_CRYPTO_EC_CURVE_sect113r1,
> + /**< SECG curve over a 113 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect113r2,
> + /**< SECG curve over a 113 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect131r1,
> + /**< SECG/WTLS curve over a 131 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect131r2,
> + /**< SECG curve over a 131 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect163k1,
> + /**< NIST/SECG/WTLS curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect163r1,
> + /**< SECG curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect163r2,
> + /**< NIST/SECG curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect193r1,
> + /**< SECG curve over a 193 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect193r2,
> + /**< SECG curve over a 193 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect233k1,
> + /**< NIST/SECG/WTLS curve over a 233 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect233r1,
> + /**< NIST/SECG/WTLS curve over a 233 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect239k1,
> + /**< SECG curve over a 239 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect283k1,
> + /**< NIST/SECG curve over a 283 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect283r1,
> + /**< NIST/SECG curve over a 283 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect409k1,
> + /**< NIST/SECG curve over a 409 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect409r1,
> + /**< NIST/SECG curve over a 409 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect571k1,
> + /**< NIST/SECG curve over a 571 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect571r1,
> + /**< NIST/SECG curve over a 571 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb163v1,
> + /**< X9.62 curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb163v2,
> + /**< X9.62 curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb163v3,
> + /**< X9.62 curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb176v1,
> + /**< X9.62 curve over a 176 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb191v1,
> + /**< X9.62 curve over a 191 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb191v2,
> + /**< X9.62 curve over a 191 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb191v3,
> + /**< X9.62 curve over a 191 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb208w1,
> + /**< X9.62 curve over a 208 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb239v1,
> + /**< X9.62 curve over a 239 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb239v2,
> + /**< X9.62 curve over a 239 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb239v3,
> + /**< X9.62 curve over a 239 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb272w1,
> + /**< X9.62 curve over a 272 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb304w1,
> + /**< X9.62 curve over a 304 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb359v1,
> + /**< X9.62 curve over a 359 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb368w1,
> + /**< X9.62 curve over a 368 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb431r1,
> + /**< X9.62 curve over a 431 bit binary field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls1,
> + /**< WTLS curve over a 113 bit binary field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls3,
> + /**< NIST/SECG/WTLS curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls4,
> + /**< SECG curve over a 113 bit binary field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls5,
> + /**< X9.62 curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls10,
> + /**< NIST/SECG/WTLS curve over a 233 bit binary field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls11,
> + /**< NIST/SECG/WTLS curve over a 233 bit binary field */
> + RTE_CRYPTO_EC_CURVE_LIST_END
> +};
> +
> +/**
> + * Elliptic curve point format
> + */
> +struct rte_crypto_ec_point {
> + struct {
> + int length;
> + uint8_t *data;
> + phys_addr_t phys_addr;
> + /**< phys_addr is used only for points passed in the
> + * asym_op structure.
> + */
> + } x;
> + /**< X co-ordinate */
> +
> + struct {
> + int length;
> + uint8_t *data;
> + phys_addr_t phys_addr;
> + /**< phys_addr is used only for points passed in the
> + * operation structure
> + */
> + } y;
> + /**< Y co-ordinate */
> +};
> +
> +/**
> + * Elliptic curve type
> + */
> +enum rte_crypto_ec_curve_type {
> + RTE_CRYPTO_EC_CURVE_TYPE_UNDEFINED,
> + /**< Curve type undefined */
> + RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD,
> + /**< EC curve defined over a prime field */
> + RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD,
> + /**< EC curve defined over a binary field */
> + RTE_CRYPTO_EC_CURVE_LIST_END
> +};
> +
> +/**
> + * Elliptic curve id
> + */
> +struct rte_crypto_ec_curve_id {
> + RTE_STD_C11
> + union {
> + enum rte_crypto_ec_prime_curve pcurve;
> + enum rte_crypto_ec_binary_curve bcurve;
> + }
> +};
> +
> +/**
> + * Asymmetric RSA transform data
> + *
> + * This structure contains data required to perform RSA crypto
> + * transform. If all CRT components are filled, RSA private key
> + * operations @ref RTE_CRYPTO_RSA_OP_SIGN and @ref
> + * RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT uses CRT method for crypto
> + * transform.
> + */
> +struct rte_crypto_rsa_xform {
> +
> + rte_crypto_xform_param n;
> + /**< n - Prime modulus
> + * Prime modulus data of RSA operation in Octet-string network
> + * byte order format.
> + */
> +
> + rte_crypto_xform_param e;
> + /**< e - Public key exponent
> + * Public key exponent used for RSA public key operations in Octet-
> + * string network byte order format.
> + */
> +
> + rte_crypto_xform_param d;
> + /**< d - Private key exponent
> + * Private key exponent used for RSA private key operations in
> + * Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param p;
> + /**< p - Private key component P
> + * Private key component of RSA parameter required for CRT method
> + * of private key operations in Octet-string network byte order
> + * format.
> + */
> +
> + rte_crypto_xform_param q;
> + /**< q - Private key component Q
> + * Private key component of RSA parameter required for CRT method
> + * of private key operations in Octet-string network byte order
> + * format.
> + */
> +
> + rte_crypto_xform_param dP;
> + /**< dP - Private CRT component
> + * Private CRT component of RSA parameter required for CRT method
> + * RSA private key operations in Octet-string network byte order
> + * format.
> + * dP = d mod ( p - 1 )
> + */
> +
> + rte_crypto_xform_param dQ;
> + /**< dQ - Private CRT component
> + * Private CRT component of RSA parameter required for CRT method
> + * RSA private key operations in Octet-string network byte order
> + * format.
> + * dQ = d mod ( q - 1 )
> + */
> +
> + rte_crypto_xform_param qInv;
> + /**< qInv - Private CRT component
> + * Private CRT component of RSA parameter required for CRT method
> + * RSA private key operations in Octet-string network byte order
> + * format.
> + * qInv = inv q mod p
> + */
> +};
> +
> +/** Asymmetric Modular exponentiation transform data
> + *
> + * This structure contains data required to perform modular exponentation
> + * crypto transform. If all CRT components are valid, crypto transform
> + * operation follows CRT method.
> + */
> +struct rte_crypto_modex_xform {
> +
> + rte_crypto_xform_param modulus;
> + /**< modulus
> + * Prime modulus of the modexp transform operation in Octet-string
> + * network byte order format.
> + */
> +
> + rte_crypto_xform_param exponent;
> + /**< exponent
> + * Private exponent of the modexp transform operation in
> + * Octet-string network byte order format.
> + */
> +};
> +
> +/** Asymmetric DH transform data
> + * This structure contains data used to perform DH key
> + * computation
> + */
> +struct rte_crypto_dh_xform {
> + rte_crypto_xform_param p;
> + /**< p : Prime modulus data
> + * DH prime modulous data in Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param g;
> + /**< g : Generator
> + * DH group generator data in Octet-string network byte order
> + * format.
> + */
> +
> + rte_crypto_xform_param priv_key;
> + /**< priv_key
> + * DH private key data in Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param pub_key;
> + /**< pub_key
> + * DH public key data in Octet-string network byte order format.
> + */
> +};
> +
> +/**Asymmetric ECDH transform data
> + * This structure contains data required to perform ECDH crypto
> + * transform
> + */
> +struct rte_crypto_ecdh_xform {
> +
> + enum rte_crypto_ec_curve_type curve_type;
> + /**< ECDH curve type: Prime vs Binary */
> +
> + struct rte_crypto_ec_curve_id curve_id;
> +
> + rte_crypto_xform_param n;
> + /**< n : order
> + * ECDH curve order data in Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param p;
> + /**< p:
> + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD:
> + * p holds the prime modulus data in Octet string format.
> + *
> + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD:
> + * p holds reduction polynomial co-efficients and degree.
> + */
> +
> + rte_crypto_xform_param a;
> + /**< Co-efficient 'a' of curve equation data in Octet-string network
> + * byte order format.
> + */
> +
> + rte_crypto_xform_param b;
> + /**< Co-efficient 'b' of curve equation data in Octet-string network
> + * byte order format.
> + */
> +
> + struct rte_crypto_ec_point G;
> + /**< G: EC curve generator
> + * EC curve generator point data in Octet-string network byte order
> + * format.
> + */
> +
> + rte_crypto_xform_param pkey;
> + /**< pkey: Private key
> + * Private key data for ECDH operation in Octet-string network byte
> + * order format.
> + */
> +
> + struct rte_crypto_ecpoint Q;
> + /**< Q: Public key point
> + * Public key point data of ECDH operation in Octet-string network
> + * byte order format.
> + */
> +
> + int h;
> + /**< Co-factor of the curve */
> +};
> +
> +/** Asymmetric Digital Signature transform operation
> + *
> + * This structure contains data required to perform asymmetric
> + * digital signature crypto transform.
> + */
> +struct rte_crypto_dsa_xform {
> +
> + rte_crypto_xform_param p;
> + /**< p - Prime modulus
> + * Prime modulus data for DSA operation in Octet-string network byte
> + * order format.
> + */
> +
> + rte_crypto_xform_param q;
> + /**< q : Order of the subgroup
> + * Order of the subgroup data in Octet-string network byte order
> + * format.
> + * q % (p-1) = 0
> + */
> +
> + rte_crypto_xform_param g;
> + /**< g: Generator of the subgroup
> + * Generator data in Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param x;
> + /**< x: Private key of the signer
> + * Private key data in Octet-string network byte order format.
> + * Private key is valid only for signature generation operation.
> + */
> +
> + rte_crypto_xform_param y;
> + /**< y : Public key of the signer.
> + * Public key data of the signer in Octet-string network byte order
> + * format.
> + * y = g^x mod p
> + */
> +};
> +
> +/** Asymmetric ECDSA transform data
> + *
> + * This structure contains data required to perform ECDSA crypto
> + * transform.
> + */
> +struct rte_crypto_ecdsa_xform {
> +
> + enum rte_crypto_ec_curve_type curve_type;
> + /**< ECDSA curve type: Prime vs Binary */
> +
> + struct rte_crypto_ec_curve_id curve_id;
> + /**< EC curve ID */
> +
> + rte_crypto_xform_param n;
> + /**< n : order
> + * ECDH curve order data in Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param p;
> + /**< p:
> + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD:
> + * p holds the prime modulus data in Octet string format.
> + *
> + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD:
> + * p holds reduction polynomial co-efficients and degree.
> + */
> +
> + rte_crypto_xform_param a;
> + /**< Co-efficient 'a' of curve equation data in Octet-string network
> + * byte order format.
> + */
> +
> + rte_crypto_xform_param b;
> + /**< Co-efficient 'b' of curve equation data in Octet-string network
> + * byte order format.
> + */
> +
> + struct rte_crypto_ecpoint G;
> + /**< G: EC curve generator
> + * EC curve generator point data in Octet-string network byte order
> + * format.
> + */
> +
> + rte_crypto_xform_param pkey;
> + /**< pkey: Private key
> + * Private key data of the signer for ECDSA signature generation
> + * operation in Octet-string network byte format. Parameter is
> + * invalid or unsed for signature verification.
> + */
> +
> + struct rte_crypto_ecpoint Q;
> + /**< Q: Public key point
> + * Public key point data of ECDSA operation in Octet-string network
> + * byte order format.
> + */
> +
> + int h;
> + /**< Co-factor of the curve */
> +};
> +
> +/** Asymmetric modular inverse transform operation
> + * This structure contains data required to perform
> + * asymmetric modular inverse crypto transform
> + */
> +struct rte_crypto_modinv_xform {
> +};
> +
> +/** Asymmetric Fundamental ECC transform operation
> + *
> + * This structure contains data required to perform asymmetric
> + * fundamental ECC crypto transform.
> + */
> +struct rte_crypto_fecc_xform {
> +
> + enum rte_crypto_ec_curve_type curve_type;
> + /**< FECC curve type: Prime vs Binary */
> +
> + struct rte_crypto_ec_curve_id curve_id;
> + /**< EC curve ID */
> +
> + rte_crypto_xform_param order;
> + /**< order : ECC curve order
> + * Curve order data in Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param prime;
> + /**< prime : Curve prime modulus data
> + * Prime modulus data in Octet-string network byte order format.
> + */
> +
> + struct rte_crypto_ec_point G;
> + /**< G: curve generator point
> + * Curve generator point data in Octet-string network byte order
> + * format.
> + */
> +
> + rte_crypto_xform_param a;
> + /**< Co-efficient 'a' of curve equation data in Octet-string network
> + * byte order format.
> + */
> +
> + rte_crypto_xform_param b;
> + /**< Co-efficient 'a' of curve equation data in Octet-string network
> + * byte order format.
> + */
> +
> + int h;
> + /**< Co-factor of the curve */
> +
> +};
> +
> +/**
> + * Asymmetric crypto transform data
> + *
> + * This structure contains the data required to perform the
> + * asymmetric crypto transformation operation. The field op
> + * determines the asymmetric algorithm for transformation.
> + */
> +struct rte_crypto_asym_xform {
> + struct rte_crypto_asym_xform *next;
> + enum rte_crypto_asym_xform_type xform_type;
> + /**< Asymmetric algorithm for crypto transform */
> +
> + RTE_STD_C11
> + union {
> + struct rte_crypto_rsa_xform rsa;
> + struct rte_crypto_fecc_xform fecc;
> + struct rte_crypto_modex_xform modex;
> + struct rte_crypto_ecdsa_xform ecdsa;
> + struct rte_crypto_ecdh_xform ecdh;
> + struct rte_crypto_dsa_xform dsa;
> + };
> +};
> +
> +struct rte_cryptodev_asym_session;
> +
> +/**
> + * Crypto operation session type. This is used to specify whether a crypto
> + * operation has session structure attached for immutable parameters or if all
> + * operation information is included in the operation data structure.
> + */
> +enum rte_crypto_asym_op_sess_type {
> + RTE_CRYPTO_ASYM_OP_WITH_SESSION,
> + /**< Session based crypto operation */
> + RTE_CRYPTO_ASYM_OP_SESSIONLESS
> + /**< Session-less crypto operation */
> +};
> +
> +/**
> + * Asymmetric Cryptographic Operation.
> + *
> + * This structure contains data relating to performing asymmetric cryptographic
> + * operation.
> + *
> + */
> +struct rte_crypto_asym_op {
> +
> + enum rte_crypto_asym_op_sess_type sess_type;
> + enum rte_crypto_asym_xform_type type;
> +
> + RTE_STD_C11
> + union {
> + enum rte_crypto_rsa_optype rsa_op;
> + /**< Type of RSA operation for transform */;
> + enum rte_crypto_modex_optype modex_op;
> + /**< Type of modular exponentiation operation */
> + enum rte_crypto_ecdsa_optype ecdsa_op;
> + /**< ECDSA crypto xform operation type */
> + enum rte_crypto_fecc_optype fecc_op;
> + /**< ECDSA crypto xform operation type */
> + enum rte_crypto_dsa_optype dsa_op;
> + /**< DSA crypto xform operation type */
> + };
> +
> + RTE_STD_C11
> + union {
> + struct rte_cryptodev_asym_session *session;
> + /**< Handle for the initialised session context */
> + struct rte_crypto_asym_xform *xform;
> + /**< Session-less API crypto operation parameters */
> + };
> +
> + RTE_STD_C11
> + union {
> +
> + struct {
> + rte_crypto_op_param message;
> + /**<
> + * Pointer to data
> + * - to be encrypted for RSA public encrypt.
> + * - to be decrypted for RSA private decrypt.
> + * - to be signed for RSA sign generation.
> + * - to be authenticated for RSA sign verification.
> + */
> +
> + rte_crypto_op_param sign;
> + /**<
> + * Pointer to RSA signature data. If operation is RSA
> + * sign @ref RTE_CRYPTO_RSA_OP_SIGN, buffer will be
> + * over-written with generated signature.
> + *
> + * Length of the signature data will be equal to the
> + * RSA prime modulus length.
> + */
> +
> + enum rte_crypto_rsa_padding_type pad;
> + /**< RSA padding scheme to be used for transform */
> +
> + enum rte_crypto_auth_algorithm md;
> + /**< Hash algorithm to be used for data hash if padding
> + * scheme is either OAEP or PSS. Valid hash algorithms
> + * are:
> + * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> + */
> +
> + enum rte_crypto_auth_algorithm mgf1md;
> + /**<
> + * Hash algorithm to be used for mask generation if
> + * padding scheme is either OAEP or PSS. If padding
> + * scheme is unspecified data hash algorithm is used
> + * for mask generation. Valid hash algorithms are:
> + * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> + */
> + } rsa;
> +
> + struct {
> + rte_crypto_op_param pub_key;
> + /**<
> + * If DH operation type is
> + * KEY_GENERATION:
> + * if priv_key and public key are provided, the keys
> + * are copied to DH xform structure, else key pair is
> + * generated and stored in DH xform structure.
> + * pub_key data should be in Octet-string network
> + * byte order format.
> + *
> + * KEY_COMPUTATION:
> + * pub_key holds the key shared by peer during DH
> + * key exchange. pub_key data is written as Octet-
> + * string network byte order format.
> + */
> + RTE_STD_C11
> + union {
> + rte_crypto_op_param priv_key;
> + /**<
> + * If DH operation type is KEY_GENERATION, and
> + * priv_key is provided, the key is copied to
> + * DH xform structure, else generated and stored
> + * in DH xform structure. priv_key data is in
> + * in Octet-string network byte order format.
> + */
> + rte_crypto_op_param shared_key;
> + /*
> + * If DH operation type is KEY_COMPUTATION:
> + * shared_key holds the shared secret
> + * computed. shared_key is written as
> + * Octet-string network byte order format.
> + */
> + };
> + } dh;
> +
> + struct {
> + rte_crypto_op_param base;
> + /**<
> + * Pointer to base of modular exponentiation data in
> + * Octet-string network byte order format.
> + */
> + } modex;
> +
> + struct {
> + rte_crypto_op_param priv_key;
> + /**<
> + * If ECDH operation type is KEY_GENERATION, and
> + * priv_key is provided, the key is copied to ECDH
> + * xform structure, else generated and stored in
> + * ECDH xform structure in Octet-string network byte
> + * order.
> + * If ECDH operation type is KEY_COMPUTATION:
> + * priv_key holds the 'X' co-ordinate of the shared
> + * secret EC point computed in Octet-string network
> + * byte order.
> + */
> +
> + rte_crypto_ec_point pub_key;
> + /**<
> + * If ECDH operation type is
> + * KEY_GENERATION:
> + * if priv_key and public key are provided, the keys
> + * are copied ECDH xform structure, else key pair is
> + * generated and stored in ECDH xform structure.
> + *
> + * KEY_COMPUTATION:
> + * pub_key holds peer's public key during ECDH
> + * key exchange in Octet-string network byte order.
> + */
> + } ecdh;
> +
> + struct {
> + rte_crypto_op_param message;
> + /**<
> + * Pointer to data
> + * - to be signed for ECDSA signature generation.
> + * - to be authenticated for ECDSA sign verification.
> + */
> +
> + rte_crypto_op_param sign;
> + /**<
> + * Pointer to ECDSA signature. If operation type is
> + * @ref RTE_CRYPTO_ECDSA_OP_VERIFY this buffer will be
> + * over-written with the signature.
> + *
> + * Length of ECDSA signature will be less than twice the
> + * length of prime modulus length.
> + */
> +
> + rte_crypto_op_param k;
> + /**<
> + * Pointer to random scalar to be used for generation
> + * of ECDSA signature @ref RTE_CRYPTO_ECDSA_OP_SIGN.
> + * It is invalid if operation is ECDSA verify.
> + * Scalar data is in Octet-string network byte order
> + * format.
> + *
> + * Length of scalar K should be less than the prime
> + * modulus of the curve
> + */
> + } ecdsa;
> +
> + struct {
> +
> + rte_crypto_op_param message;
> + /**<
> + * Pointer to data
> + * - to be signed for DSA signature generation.
> + * - to be authenticated for DSA sign verification.
> + *
> + * Length of data to be signed, if is more than
> + * prime modulus length, is truncated to length of
> + * prime modulus.
> + */
> +
> + rte_crypto_op_param k;
> + /**<
> + * Pointer to random scalar to be used for DSA
> + * signature generation. K should be a non-zero number
> + * less than q. k is in Octet-string network byte
> + * order format.
> + */
> +
> + } dsa;
> +
> + struct {
> + struct rte_crypto_ec_point p;
> + /**<
> + * Pointer to primary curve point for fundamental
> + * ECC operation. Data is in Octet-string network
> + * byte order format.
> + * Length of data in bytes cannot exceed the prime
> + * modulus length of the curve.
> + */
> +
> + struct rte_crypto_ec_point q;
> + /**<
> + *
> + * Pointer to secondary curve point for fundamental
> + * ECC operation. Data is in Octet-string network
> + * byte order format.
> + *
> + * Length of data in bytes cannot exceed the prime
> + * modulus length of the curve. This point is valid
> + * only for point addition optype
> + * RTE_CRYPTO_FECC_OP_POINT_ADD crypto transform.
> + */
> +
> + rte_crypto_op_param k;
> + /**<
> + * Pointer to scalar data to be used only for point
> + * multiplication @ref RTE_CRYPTO_FECC_OP_POINT_MULTIPLY
> + * crypto transform. Data is in Octet-string network
> + * byte order format.
> + *
> + * Length of data in bytes cannot exceed the prime
> + * modulus length of the curve.
> + */
> +
> + struct rte_crypto_ec_point r;
> + /**<
> + * Pointer to the resultant point on the curve after
> + * fundamental ECC crypto transform. Data is in
> + * Octet-string network byte order format.
> + * Length of data in bytes cannot exceed the prime
> + * modulus length of the curve.
> + */
> +
> + } fecc;
> +
> + struct {
> +
> + rte_crypto_op_param prime;
> + /**<
> + * Pointer to the prime modulus data for modular
> + * inverse operation in Octet-string network byte
> + * order format.
> + */
> +
> + rte_crypto_op_param base;
> + /**<
> + * Pointer to the base for the modular inverse
> + * operation in Octet-string network byte order
> + * format.
> + */
> + } modinv;
> + };
> +
> +} __rte_cache_aligned;
> +
> +
> +
> +/**
> + * Reset the fields of an asymmetric operation to their default values.
> + *
> + * @param op The crypto operation to be reset.
> + */
> +static inline void
> +__rte_crypto_asym_op_reset(struct rte_crypto_asym_op *op)
> +{
> + memset(op, 0, sizeof(*op));
> +
> + op->sess_type = RTE_CRYPTO_ASYM_OP_SESSIONLESS;
> +}
> +
> +
> +/**
> + * Allocate space for asymmetric crypto xforms in the private data space of the
> + * crypto operation. This also defaults the crypto xform type to
> + * RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED and configures the chaining of the xforms
> + * in the crypto operation
> + *
> + * @return
> + * - On success returns pointer to first crypto xform in crypto operations chain
> + * - On failure returns NULL
> + */
> +static inline struct rte_crypto_asym_xform *
> +__rte_crypto_asym_op_asym_xforms_alloc(struct rte_crypto_asym_op *asym_op,
> + void *priv_data, uint8_t nb_xforms)
> +{
> + struct rte_crypto_asym_xform *xform;
> +
> + asym_op->xform = xform = (struct rte_crypto_asym_xform *)priv_data;
> +
> + do {
> + xform->type = RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED;
> + xform = xform->next = --nb_xforms > 0 ? xform + 1 : NULL;
> + } while (xform);
> +
> + return asym_op->xform;
> +}
> +
> +
> +/**
> + * Attach a session to an asymmetric crypto operation
> + *
> + * @param asym_op crypto operation
> + * @param sess cryptodev session
> + */
> +static inline int
> +__rte_crypto_asym_op_attach_asym_session(struct rte_crypto_asym_op *asym_op,
> + struct rte_cryptodev_asym_session *sess)
> +{
> + asym_op->session = sess;
> + asym_op->sess_type = RTE_CRYPTO_ASYM_OP_WITH_SESSION;
> +
> + return 0;
> +}
> +
> +
> +#ifdef __cplusplus
> +}
> +#endif
> +
> +#endif /* _RTE_CRYPTO_ASYM_H_ */
> --
> 1.8.3.1
More information about the dev
mailing list