Hi Gowrishankar, I like the idea of adding EdDSA, but I have several comments.
> -----Original Message----- > From: Gowrishankar Muthukrishnan <gmuthukri...@marvell.com> > Sent: Friday, October 4, 2024 10:26 AM > To: dev@dpdk.org; Akhil Goyal <gak...@marvell.com>; Fan Zhang > <fanzhang....@gmail.com> > Cc: Anoob Joseph <ano...@marvell.com>; Richardson, Bruce > <bruce.richard...@intel.com>; jer...@marvell.com; Kusztal, ArkadiuszX > <arkadiuszx.kusz...@intel.com>; Ji, Kai <kai...@intel.com>; jack.bond- > pres...@foss.arm.com; Marchand, David <david.march...@redhat.com>; > hemant.agra...@nxp.com; De Lara Guarch, Pablo > <pablo.de.lara.gua...@intel.com>; Trahe, Fiona <fiona.tr...@intel.com>; > Doherty, Declan <declan.dohe...@intel.com>; ma...@nvidia.com; > ruifeng.w...@arm.com; Gowrishankar Muthukrishnan > <gmuthukri...@marvell.com> > Subject: [PATCH v6 1/6] cryptodev: add EDDSA asymmetric crypto algorithm > > Add support for asymmetric EDDSA in cryptodev, as referenced in RFC: > https://datatracker.ietf.org/doc/html/rfc8032 > > Signed-off-by: Gowrishankar Muthukrishnan <gmuthukri...@marvell.com> > --- > doc/guides/cryptodevs/features/default.ini | 1 + > doc/guides/prog_guide/cryptodev_lib.rst | 2 +- > lib/cryptodev/rte_crypto_asym.h | 47 ++++++++++++++++++++++ > 3 files changed, 49 insertions(+), 1 deletion(-) > > diff --git a/doc/guides/cryptodevs/features/default.ini > b/doc/guides/cryptodevs/features/default.ini > index f411d4bab7..3073753911 100644 > --- a/doc/guides/cryptodevs/features/default.ini > +++ b/doc/guides/cryptodevs/features/default.ini > @@ -130,6 +130,7 @@ ECDSA = > ECPM = > ECDH = > SM2 = > +EDDSA = > > ; > ; Supported Operating systems of a default crypto driver. > diff --git a/doc/guides/prog_guide/cryptodev_lib.rst > b/doc/guides/prog_guide/cryptodev_lib.rst > index 2b513bbf82..dd636ba5ef 100644 > --- a/doc/guides/prog_guide/cryptodev_lib.rst > +++ b/doc/guides/prog_guide/cryptodev_lib.rst > @@ -927,7 +927,7 @@ Asymmetric Cryptography The cryptodev library > currently provides support for the following asymmetric Crypto operations; > RSA, Modular exponentiation and inversion, Diffie-Hellman and Elliptic Curve > Diffie-Hellman public and/or private key generation and shared -secret > compute, > DSA Signature generation and verification. > +secret compute, DSA and EdDSA Signature generation and verification. > > Session and Session Management > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h > index 39d3da3952..fe4194c184 100644 > --- a/lib/cryptodev/rte_crypto_asym.h > +++ b/lib/cryptodev/rte_crypto_asym.h > @@ -49,6 +49,10 @@ rte_crypto_asym_op_strings[]; > * and if the flag is not set, shared secret will be padded to the left with > * zeros to the size of the underlying algorithm (default) > */ > +#define RTE_CRYPTO_ASYM_FLAG_PUB_KEY_COMPRESSED > RTE_BIT32(2) > +/**< > + * Flag to denote public key will be returned in compressed form */ > > /** > * List of elliptic curves. This enum aligns with @@ -65,9 +69,22 @@ enum > rte_crypto_curve_id { > RTE_CRYPTO_EC_GROUP_SECP256R1 = 23, > RTE_CRYPTO_EC_GROUP_SECP384R1 = 24, > RTE_CRYPTO_EC_GROUP_SECP521R1 = 25, > + RTE_CRYPTO_EC_GROUP_ED25519 = 29, > + RTE_CRYPTO_EC_GROUP_ED448 = 30, > RTE_CRYPTO_EC_GROUP_SM2 = 41, > }; > > +/** > + * List of Edwards curve instances as per RFC 8032 (Section 5). > + */ > +enum rte_crypto_edward_instance { > + RTE_CRYPTO_EDCURVE_25519, > + RTE_CRYPTO_EDCURVE_25519CTX, > + RTE_CRYPTO_EDCURVE_25519PH, > + RTE_CRYPTO_EDCURVE_448, > + RTE_CRYPTO_EDCURVE_448PH > +}; > + > /** > * Asymmetric crypto transformation types. > * Each xform type maps to one asymmetric algorithm @@ -119,6 +136,10 @@ > enum rte_crypto_asym_xform_type { > * Performs Encrypt, Decrypt, Sign and Verify. > * Refer to rte_crypto_asym_op_type. > */ > + RTE_CRYPTO_ASYM_XFORM_EDDSA, > + /**< Edwards Curve Digital Signature Algorithm > + * Perform Signature Generation and Verification. > + */ > RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END > /**< End of list */ > }; > @@ -585,6 +606,31 @@ struct rte_crypto_ecdsa_op_param { > */ > }; > > +/** > + * EdDSA operation params > + */ > +struct rte_crypto_eddsa_op_param { > + enum rte_crypto_asym_op_type op_type; > + /**< Signature generation or verification */ > + > + rte_crypto_param message; > + /**< Input message digest to be signed or verified */ HashEdDSA will require a message digest; pure EdDSA will require the message itself. For HW it will be more complicated. > + > + rte_crypto_param context; > + /**< Context value for the sign op. > + * Must not be empty for Ed25519ctx instance. > + */ > + > + enum rte_crypto_edward_instance instance; > + /**< Type of Edwards curve. */ All instances are using the same curve, where they differ is the way of handling input message. And I think this should be a session variable -> new xform for the EdDSA. > + > + rte_crypto_uint sign; > + /**< Edward curve signature > + * output : for signature generation > + * input : for signature verification > + */ > +}; > + > /** > * Structure for EC point multiplication operation param > */ > @@ -720,6 +766,7 @@ struct rte_crypto_asym_op { > struct rte_crypto_ecdsa_op_param ecdsa; > struct rte_crypto_ecpm_op_param ecpm; > struct rte_crypto_sm2_op_param sm2; > + struct rte_crypto_eddsa_op_param eddsa; > }; > uint16_t flags; > /**< > -- > 2.21.0
