Hi Fiona,
On Thu, May 25, 2017 at 04:00:42PM +0000, Trahe, Fiona wrote: > Hi Umesh, > > > > -----Original Message----- > > From: Umesh Kartha [mailto:umesh.kar...@caviumnetworks.com] > > Sent: Thursday, May 11, 2017 1:36 PM > > To: dev@dpdk.org > > Cc: Jerin Jacob <jerin.jacobkollanukka...@cavium.com>; Balasubramanian > > Manoharan > > <balasubramanian.manoha...@cavium.com>; Ram Kumar <ram.ku...@cavium.com>; > > Murthy > > Nidadavolu <nidadavolu.mur...@cavium.com>; Doherty, Declan > > <declan.dohe...@intel.com>; De Lara > > Guarch, Pablo <pablo.de.lara.gua...@intel.com>; Trahe, Fiona > > <fiona.tr...@intel.com> > > Subject: [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms > > > > Added asymmetric xform structures, operation definitions, operation > > parameters. Added asymmetric algorithms RSA, DH, ECDH, DSA, ECDSA, > > MODEXP, FECC, MOD-INVERSE. Added curves (all curves supported by > > libcrypto as of now). > > > > Signed-off-by: Umesh Kartha <umesh.kar...@caviumnetworks.com> > > --- > > lib/librte_cryptodev/rte_crypto_asym.h | 1124 > > ++++++++++++++++++++++++++++++++ > > 1 file changed, 1124 insertions(+) > > create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h > > > > diff --git lib/librte_cryptodev/rte_crypto_asym.h > > lib/librte_cryptodev/rte_crypto_asym.h > > new file mode 100644 > > index 0000000..36a8b4f > > --- /dev/null > > +++ lib/librte_cryptodev/rte_crypto_asym.h > > @@ -0,0 +1,1124 @@ > > +/* > > + * BSD LICENSE > > + * > > + * Copyright (C) Cavium networks Ltd. 2017. > > + * > > + * Redistribution and use in source and binary forms, with or without > > + * modification, are permitted provided that the following conditions > > + * are met: > > + * > > + * * Redistributions of source code must retain the above copyright > > + * notice, this list of conditions and the following disclaimer. > > + * * Redistributions in binary form must reproduce the above copyright > > + * notice, this list of conditions and the following disclaimer in > > + * the documentation and/or other materials provided with the > > + * distribution. > > + * * Neither the name of Cavium Networks nor the names of its > > + * contributors may be used to endorse or promote products derived > > + * from this software without specific prior written permission. > > + * > > + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS > > + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > > + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR > > + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT > > + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, > > + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT > > + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, > > + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY > > + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT > > + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE > > + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > > + */ > > + > > +#ifndef _RTE_CRYPTO_ASYM_H_ > > +#define _RTE_CRYPTO_ASYM_H_ > > + > > +/** > > + * @file rte_crypto_asym.h > > + * > > + * RTE Definitions for Asymmetric Cryptography > > + * > > + * Defines asymmetric algorithms and modes, as well as supported > > + * asymmetric crypto operations. > > + */ > > + > > +#ifdef __cplusplus > > +extern "C" { > > +#endif > > + > > +#include <string.h> > > +#include <stdint.h> > > +#include <rte_mbuf.h> > > +#include <rte_memory.h> > > +#include <rte_mempool.h> > > +#include <rte_common.h> > > +#include "rte_crypto_sym.h" > > + > > +typedef struct rte_crypto_xform_param_t { > > + uint8_t *data; > > + size_t length; > > +} rte_crypto_xform_param; > > + > > +typedef struct rte_crypto_op_param_t { > > + uint8_t *data; > > + phys_addr_t phys_addr; > > + size_t length; > > +} rte_crypto_op_param; > [Fiona] Are both above lengths in bytes ? > > [Umesh] Yes, they are in bytes. Will add note for this to avoid any confusion. > > + > > +/** Asymmetric crypto transformation types */ > > +enum rte_crypto_asym_xform_type { > > + RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED = 0, > > + RTE_CRYPTO_ASYM_XFORM_RSA, > > + RTE_CRYPTO_ASYM_XFORM_MODEX, > > + RTE_CRYPTO_ASYM_XFORM_DH, > > + RTE_CRYPTO_ASYM_XFORM_ECDH, > > + RTE_CRYPTO_ASYM_XFORM_DSA, > > + RTE_CRYPTO_ASYM_XFORM_ECDSA, > > + RTE_CRYPTO_ASYM_XFORM_FECC, > > + RTE_CRYPTO_ASYM_XFORM_MODINV, > > + RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END > > +}; > > + > > +/** > > + * RSA operation type variants > > + */ > > +enum rte_crypto_rsa_optype { > > + RTE_CRYPTO_RSA_OP_NOT_SPECIFIED = 1, > [Fiona] Is there a reason for not starting at 0 in all these enums? > [Umesh] Some of the enums are being used as bit positions in capability structures. Will try to make these consistent. > > + /**< RSA operation unspecified */ > > + RTE_CRYPTO_RSA_OP_PUBLIC_ENCRYPT, > > + /**< RSA public encrypt operation */ > > + RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT, > > + /**< RSA private decrypt operation */ > > + RTE_CRYPTO_RSA_OP_SIGN, > > + /**< RSA private key signature operation */ > > + RTE_CRYPTO_RSA_OP_VERIFY, > > + /**< RSA public key verification operation */ > > + RTE_CRYPTO_RSA_OP_LIST_END > > +}; > > + > > +/** > > + * Padding types for RSA signature. > > + */ > > +enum rte_crypto_rsa_padding_type { > > + RTE_CRYPTO_RSA_PADDING_NOT_SPECIFIED = 1, > > + /**< RSA no padding scheme */ > > + RTE_CRYPTO_RSA_PADDING_BT1, > > + /**< RSA PKCS#1 padding BT1 scheme */ > > + RTE_CRYPTO_RSA_PADDING_BT2, > > + /**< RSA PKCS#1 padding BT2 scheme */ > > + RTE_CRYPTO_RSA_PADDING_OAEP, > > + /**< RSA PKCS#1 OAEP padding scheme */ > > + RTE_CRYPTO_RSA_PADDING_PSS, > > + /**< RSA PKCS#1 PSS padding scheme */ > > + RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END > > +}; > > + > > +/** > > + * Modular exponentiaion operation type variants > > + */ > > +enum rte_crypto_modex_optype { > > + RTE_CRYPTO_MODEX_OP_NOT_SPECIFIED = 1, > > + /**< ModEx operation type unspecified */ > > + RTE_CRYPTO_MODEX_OP_MODEX, > > + /**< Modex operation modular exponentiation */ > > + RTE_CRYPTO_MODEX_OP_LIST_END > > +}; > > + > > +/** > > + * Modular Inverse operation type variants > > + */ > > +enum rte_crypto_modeinv_optype { > > + RTE_CRYPTO_MODINV_OP_NOT_SPECIFIED = 1, > > + /**< ModInv operation type unspecified */ > > + RTE_CRYPTO_MODINV_OP_MODINV, > > + /**< ModInv operation modular Inverse */ > > + RTE_CRYPTO_MODEX_OP_LIST_END > > +}; > > + > > +/** > > + * DSA operation type variants > > + */ > > +enum rte_crypto_dsa_optype { > > + RTE_CRYPTO_DSA_OP_NOT_SPECIFIED = 1, > > + /**< DSA operation unspecified */ > > + RTE_CRYPTO_DSA_OP_SIGN, > > + /**< DSA private key signature operation */ > > + RTE_CRYPTO_DSA_OP_VERIFY, > > + /**< DSA public key verification operation */ > > + RTE_CRYPTO_DSA_OP_LIST_END > > +}; > > + > > + > > +/** > > + * ECDSA operation type variants > > + */ > > +enum rte_crypto_ecdsa_optype { > > + RTE_CRYPTO_ECDSA_OP_NOT_SPECIFIED = 1, > > + /**< ECDSA operation unspecified */ > > + RTE_CRYPTO_ECDSA_OP_SIGN, > > + /**< ECDSA private key signature operation */ > > + RTE_CRYPTO_ECDSA_OP_VERIFY, > > + /**< ECDSA public key verification operation */ > > + RTE_CRYPTO_ECDSA_OP_LIST_END > > +}; > > + > > +/** > > + * Diffie Hellman Key operation variants > > + */ > > +enum rte_crypto_dh_optype { > > + RTE_CRYPTO_DH_OP_NOT_SPECIFIED = 1, > > + /**< DH operation unspecified */ > > + RTE_CRYPTO_DH_OP_KEY_GENERATION, > > + /**< DH private/public key generation operation */ > > + RTE_CRYPTO_DH_OP_KEY_COMPUTATION, > > + /**< DH private key computation operation */ > > + RTE_CRYPTO_DH_OP_LIST_END > > +}; > > + > > +/** > > + * Elliptic Curve Diffie Hellman Key operation variants > > + */ > > +enum rte_crypto_ecdh_optype { > > + RTE_CRYPTO_ECDH_OP_NOT_SPECIFIED = 1, > > + /**< ECDH operation unspecified */ > > + RTE_CRYPTO_ECDH_OP_KEY_GENERATION, > > + /**< ECDH private/public key generation operation */ > > + RTE_CRYPTO_ECDH_OP_KEY_CHECK, > > + /**< ECDH public key validity check operation */ > > + RTE_CRYPTO_ECDH_OP_KEY_COMPUTATION, > > + /**< ECDH private key computation operation */ > > + RTE_CRYPTO_ECDH_OP_LIST_END > > +}; > > + > > +/** > > + * Fundamental ECC operation type variants. > > + */ > > +enum rte_crypto_fecc_optype { > > + RTE_CRYPTO_FECC_OP_NOT_SPECIFIED = 1, > > + /**< FECC operation type unspecified */ > > + RTE_CRYPTO_FECC_OP_POINT_ADD, > > + /**< Fundamental ECC point addition operation */ > > + RTE_CRYPTO_FECC_OP_POINT_DBL, > > + /**< Fundamental ECC point doubling operation */ > > + RTE_CRYPTO_FECC_OP_POINT_MULTIPLY, > > + /**< Fundamental ECC point multiplication operation */ > > + RTE_CRYPTO_FECC_OP_LIST_END > > +}; > > + > > +/** > > + * ECC list of curves. > > + */ > > +enum rte_crypto_ec_prime_curve { > > + RTE_CRYPTO_EC_CURVE_NOT_SPECIFIED = -1, > [Fiona] Why -1 ? > [Umesh] This is to ensure enum of a curve represents the corresponding bit in the curve capability bitfield. > > + /**< Unspecified or empty curve id */ > > + RTE_CRYPTO_EC_CURVE_secp112r1, > > + /**< SECG/WTLS curve over a 112 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_secp112r2, > > + /**< SECG curve over a 112 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_secp128r1, > > + /**< SECG curve over a 128 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_secp128r2, > > + /**< SECG curve over a 128 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_secp160k1, > > + /**< SECG curve over a 160 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_secp160r1, > > + /**< SECG curve over a 160 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_secp160r2, > > + /**< SECG/WTLS curve over a 160 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_secp192k1, > > + /**< SECG curve over a 192 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_secp224k1, > > + /**< SECG curve over a 224 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_secp224r1, > > + /**< NIST/SECG curve over a 224 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_secp256k1, > > + /**< SECG curve over a 256 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_secp384r1, > > + /**< NIST/SECG curve over a 384 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_secp521r1, > > + /**< NIST/SECG curve over a 521 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_prime192v1, > > + /**< NIST/X9.62/SECG curve over a 192 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_prime192v2, > > + /**< X9.62 curve over a 192 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_prime192v3, > > + /**< X9.62 curve over a 192 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_prime239v1, > > + /**< X9.62 curve over a 239 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_prime239v2, > > + /**< X9.62 curve over a 239 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_prime239v3, > > + /**< X9.62 curve over a 239 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_prime256v1, > > + /**< X9.62/SECG curve over a 256 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls6, > > + /**< SECG/WTLS curve over a 112 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls7, > > + /**< SECG/WTLS curve over a 160 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls8, > > + /**< WTLS curve over a 112 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls9, > > + /**< WTLS curve over a 160 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls12, > > + /**< WTLS curve over a 224 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP160r1, > > + /**< RFC 5639 curve over a 160 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP160t1, > > + /**< RFC 5639 curve over a 160 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP192r1, > > + /**< RFC 5639 curve over a 192 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP192t1, > > + /**< RFC 5639 curve over a 192 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP224r1, > > + /**< RFC 5639 curve over a 224 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP224t1, > > + /**< RFC 5639 curve over a 224 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP256r1, > > + /**< RFC 5639 curve over a 256 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP256t1, > > + /**< RFC 5639 curve over a 256 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP320r1, > > + /**< RFC 5639 curve over a 320 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP320t1, > > + /**< RFC 5639 curve over a 320 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP384r1, > > + /**< RFC 5639 curve over a 384 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP384t1, > > + /**< RFC 5639 curve over a 384 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP512r1, > > + /**< RFC 5639 curve over a 512 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_brainpoolP512t1, > > + /**< RFC 5639 curve over a 512 bit prime field */ > > + RTE_CRYPTO_EC_CURVE_x25519, > > + /**< Curve 25519 */ > > + RTE_CRYPTO_EC_CURVE_LIST_END > > +}; > > + > > +enum rte_crypto_ec_binary_curve { > > + RTE_CRYPTO_EC_CURVE_NOT_SPECIFIED = -1, > > + /**< Unspecified or empty curve id */ > > + RTE_CRYPTO_EC_CURVE_sect113r1, > > + /**< SECG curve over a 113 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect113r2, > > + /**< SECG curve over a 113 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect131r1, > > + /**< SECG/WTLS curve over a 131 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect131r2, > > + /**< SECG curve over a 131 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect163k1, > > + /**< NIST/SECG/WTLS curve over a 163 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect163r1, > > + /**< SECG curve over a 163 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect163r2, > > + /**< NIST/SECG curve over a 163 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect193r1, > > + /**< SECG curve over a 193 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect193r2, > > + /**< SECG curve over a 193 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect233k1, > > + /**< NIST/SECG/WTLS curve over a 233 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect233r1, > > + /**< NIST/SECG/WTLS curve over a 233 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect239k1, > > + /**< SECG curve over a 239 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect283k1, > > + /**< NIST/SECG curve over a 283 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect283r1, > > + /**< NIST/SECG curve over a 283 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect409k1, > > + /**< NIST/SECG curve over a 409 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect409r1, > > + /**< NIST/SECG curve over a 409 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect571k1, > > + /**< NIST/SECG curve over a 571 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_sect571r1, > > + /**< NIST/SECG curve over a 571 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2pnb163v1, > > + /**< X9.62 curve over a 163 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2pnb163v2, > > + /**< X9.62 curve over a 163 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2pnb163v3, > > + /**< X9.62 curve over a 163 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2pnb176v1, > > + /**< X9.62 curve over a 176 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2tnb191v1, > > + /**< X9.62 curve over a 191 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2tnb191v2, > > + /**< X9.62 curve over a 191 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2tnb191v3, > > + /**< X9.62 curve over a 191 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2pnb208w1, > > + /**< X9.62 curve over a 208 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2tnb239v1, > > + /**< X9.62 curve over a 239 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2tnb239v2, > > + /**< X9.62 curve over a 239 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2tnb239v3, > > + /**< X9.62 curve over a 239 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2pnb272w1, > > + /**< X9.62 curve over a 272 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2pnb304w1, > > + /**< X9.62 curve over a 304 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2tnb359v1, > > + /**< X9.62 curve over a 359 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2pnb368w1, > > + /**< X9.62 curve over a 368 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_c2tnb431r1, > > + /**< X9.62 curve over a 431 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls1, > > + /**< WTLS curve over a 113 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls3, > > + /**< NIST/SECG/WTLS curve over a 163 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls4, > > + /**< SECG curve over a 113 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls5, > > + /**< X9.62 curve over a 163 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls10, > > + /**< NIST/SECG/WTLS curve over a 233 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls11, > > + /**< NIST/SECG/WTLS curve over a 233 bit binary field */ > > + RTE_CRYPTO_EC_CURVE_LIST_END > > +}; > > + > > +/** > > + * Elliptic curve point format > > + */ > > +struct rte_crypto_ec_point { > > + struct { > > + int length; > > + uint8_t *data; > > + phys_addr_t phys_addr; > > + /**< phys_addr is used only for points passed in the > > + * asym_op structure. > > + */ > > + } x; > > + /**< X co-ordinate */ > > + > > + struct { > > + int length; > > + uint8_t *data; > > + phys_addr_t phys_addr; > > + /**< phys_addr is used only for points passed in the > > + * operation structure > > + */ > > + } y; > > + /**< Y co-ordinate */ > > +}; > > + > > +/** > > + * Elliptic curve type > > + */ > > +enum rte_crypto_ec_curve_type { > > + RTE_CRYPTO_EC_CURVE_TYPE_UNDEFINED, > > + /**< Curve type undefined */ > > + RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD, > > + /**< EC curve defined over a prime field */ > > + RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD, > > + /**< EC curve defined over a binary field */ > > + RTE_CRYPTO_EC_CURVE_LIST_END > > +}; > > + > > +/** > > + * Elliptic curve id > > + */ > > +struct rte_crypto_ec_curve_id { > > + RTE_STD_C11 > > + union { > > + enum rte_crypto_ec_prime_curve pcurve; > > + enum rte_crypto_ec_binary_curve bcurve; > > + } > > +}; > > + > > +/** > > + * Asymmetric RSA transform data > > + * > > + * This structure contains data required to perform RSA crypto > > + * transform. If all CRT components are filled, RSA private key > > + * operations @ref RTE_CRYPTO_RSA_OP_SIGN and @ref > > + * RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT uses CRT method for crypto > > + * transform. > > + */ > > +struct rte_crypto_rsa_xform { > > + > > + rte_crypto_xform_param n; > > + /**< n - Prime modulus > > + * Prime modulus data of RSA operation in Octet-string network > > + * byte order format. > > + */ > > + > > + rte_crypto_xform_param e; > > + /**< e - Public key exponent > > + * Public key exponent used for RSA public key operations in Octet- > > + * string network byte order format. > > + */ > > + > > + rte_crypto_xform_param d; > > + /**< d - Private key exponent > > + * Private key exponent used for RSA private key operations in > > + * Octet-string network byte order format. > > + */ > > + > > + rte_crypto_xform_param p; > > + /**< p - Private key component P > > + * Private key component of RSA parameter required for CRT method > > + * of private key operations in Octet-string network byte order > > + * format. > > + */ > > + > > + rte_crypto_xform_param q; > > + /**< q - Private key component Q > > + * Private key component of RSA parameter required for CRT method > > + * of private key operations in Octet-string network byte order > > + * format. > > + */ > > + > > + rte_crypto_xform_param dP; > > + /**< dP - Private CRT component > > + * Private CRT component of RSA parameter required for CRT method > > + * RSA private key operations in Octet-string network byte order > > + * format. > > + * dP = d mod ( p - 1 ) > > + */ > > + > > + rte_crypto_xform_param dQ; > > + /**< dQ - Private CRT component > > + * Private CRT component of RSA parameter required for CRT method > > + * RSA private key operations in Octet-string network byte order > > + * format. > > + * dQ = d mod ( q - 1 ) > > + */ > > + > > + rte_crypto_xform_param qInv; > > + /**< qInv - Private CRT component > > + * Private CRT component of RSA parameter required for CRT method > > + * RSA private key operations in Octet-string network byte order > > + * format. > > + * qInv = inv q mod p > > + */ > > +}; > > + > > +/** Asymmetric Modular exponentiation transform data > > + * > > + * This structure contains data required to perform modular exponentation > > + * crypto transform. If all CRT components are valid, crypto transform > > + * operation follows CRT method. > > + */ > > +struct rte_crypto_modex_xform { > > + > > + rte_crypto_xform_param modulus; > > + /**< modulus > > + * Prime modulus of the modexp transform operation in Octet-string > > + * network byte order format. > > + */ > > + > > + rte_crypto_xform_param exponent; > > + /**< exponent > > + * Private exponent of the modexp transform operation in > > + * Octet-string network byte order format. > > + */ > > +}; > > + > > +/** Asymmetric DH transform data > > + * This structure contains data used to perform DH key > > + * computation > > + */ > > +struct rte_crypto_dh_xform { > > + rte_crypto_xform_param p; > > + /**< p : Prime modulus data > > + * DH prime modulous data in Octet-string network byte order format. > > + */ > > + > > + rte_crypto_xform_param g; > > + /**< g : Generator > > + * DH group generator data in Octet-string network byte order > > + * format. > > + */ > > + > > + rte_crypto_xform_param priv_key; > > + /**< priv_key > > + * DH private key data in Octet-string network byte order format. > > + */ > > + > > + rte_crypto_xform_param pub_key; > > + /**< pub_key > > + * DH public key data in Octet-string network byte order format. > > + */ > > +}; > > + > > +/**Asymmetric ECDH transform data > > + * This structure contains data required to perform ECDH crypto > > + * transform > > + */ > > +struct rte_crypto_ecdh_xform { > > + > > + enum rte_crypto_ec_curve_type curve_type; > > + /**< ECDH curve type: Prime vs Binary */ > > + > > + struct rte_crypto_ec_curve_id curve_id; > > + > > + rte_crypto_xform_param n; > > + /**< n : order > > + * ECDH curve order data in Octet-string network byte order format. > > + */ > > + > > + rte_crypto_xform_param p; > > + /**< p: > > + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD: > > + * p holds the prime modulus data in Octet string format. > > + * > > + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD: > > + * p holds reduction polynomial co-efficients and degree. > > + */ > > + > > + rte_crypto_xform_param a; > > + /**< Co-efficient 'a' of curve equation data in Octet-string network > > + * byte order format. > > + */ > > + > > + rte_crypto_xform_param b; > > + /**< Co-efficient 'b' of curve equation data in Octet-string network > > + * byte order format. > > + */ > > + > > + struct rte_crypto_ec_point G; > > + /**< G: EC curve generator > > + * EC curve generator point data in Octet-string network byte order > > + * format. > > + */ > > + > > + rte_crypto_xform_param pkey; > > + /**< pkey: Private key > > + * Private key data for ECDH operation in Octet-string network byte > > + * order format. > > + */ > > + > > + struct rte_crypto_ecpoint Q; > > + /**< Q: Public key point > > + * Public key point data of ECDH operation in Octet-string network > > + * byte order format. > > + */ > > + > > + int h; > > + /**< Co-factor of the curve */ > > +}; > > + > > +/** Asymmetric Digital Signature transform operation > > + * > > + * This structure contains data required to perform asymmetric > > + * digital signature crypto transform. > > + */ > > +struct rte_crypto_dsa_xform { > > + > > + rte_crypto_xform_param p; > > + /**< p - Prime modulus > > + * Prime modulus data for DSA operation in Octet-string network byte > > + * order format. > > + */ > > + > > + rte_crypto_xform_param q; > > + /**< q : Order of the subgroup > > + * Order of the subgroup data in Octet-string network byte order > > + * format. > > + * q % (p-1) = 0 > > + */ > > + > > + rte_crypto_xform_param g; > > + /**< g: Generator of the subgroup > > + * Generator data in Octet-string network byte order format. > > + */ > > + > > + rte_crypto_xform_param x; > > + /**< x: Private key of the signer > > + * Private key data in Octet-string network byte order format. > > + * Private key is valid only for signature generation operation. > > + */ > > + > > + rte_crypto_xform_param y; > > + /**< y : Public key of the signer. > > + * Public key data of the signer in Octet-string network byte order > > + * format. > > + * y = g^x mod p > > + */ > > +}; > > + > > +/** Asymmetric ECDSA transform data > > + * > > + * This structure contains data required to perform ECDSA crypto > > + * transform. > > + */ > > +struct rte_crypto_ecdsa_xform { > > + > > + enum rte_crypto_ec_curve_type curve_type; > > + /**< ECDSA curve type: Prime vs Binary */ > > + > > + struct rte_crypto_ec_curve_id curve_id; > > + /**< EC curve ID */ > > + > > + rte_crypto_xform_param n; > > + /**< n : order > > + * ECDH curve order data in Octet-string network byte order format. > > + */ > > + > > + rte_crypto_xform_param p; > > + /**< p: > > + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD: > > + * p holds the prime modulus data in Octet string format. > > + * > > + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD: > > + * p holds reduction polynomial co-efficients and degree. > > + */ > > + > > + rte_crypto_xform_param a; > > + /**< Co-efficient 'a' of curve equation data in Octet-string network > > + * byte order format. > > + */ > > + > > + rte_crypto_xform_param b; > > + /**< Co-efficient 'b' of curve equation data in Octet-string network > > + * byte order format. > > + */ > > + > > + struct rte_crypto_ecpoint G; > > + /**< G: EC curve generator > > + * EC curve generator point data in Octet-string network byte order > > + * format. > > + */ > > + > > + rte_crypto_xform_param pkey; > > + /**< pkey: Private key > > + * Private key data of the signer for ECDSA signature generation > > + * operation in Octet-string network byte format. Parameter is > > + * invalid or unsed for signature verification. > > + */ > > + > > + struct rte_crypto_ecpoint Q; > > + /**< Q: Public key point > > + * Public key point data of ECDSA operation in Octet-string network > > + * byte order format. > > + */ > > + > > + int h; > > + /**< Co-factor of the curve */ > > +}; > > + > > +/** Asymmetric modular inverse transform operation > > + * This structure contains data required to perform > > + * asymmetric modular inverse crypto transform > > + */ > > +struct rte_crypto_modinv_xform { > > +}; > > + > > +/** Asymmetric Fundamental ECC transform operation > > + * > > + * This structure contains data required to perform asymmetric > > + * fundamental ECC crypto transform. > > + */ > > +struct rte_crypto_fecc_xform { > > + > > + enum rte_crypto_ec_curve_type curve_type; > > + /**< FECC curve type: Prime vs Binary */ > > + > > + struct rte_crypto_ec_curve_id curve_id; > > + /**< EC curve ID */ > > + > > + rte_crypto_xform_param order; > > + /**< order : ECC curve order > > + * Curve order data in Octet-string network byte order format. > > + */ > > + > > + rte_crypto_xform_param prime; > > + /**< prime : Curve prime modulus data > > + * Prime modulus data in Octet-string network byte order format. > > + */ > > + > > + struct rte_crypto_ec_point G; > > + /**< G: curve generator point > > + * Curve generator point data in Octet-string network byte order > > + * format. > > + */ > > + > > + rte_crypto_xform_param a; > > + /**< Co-efficient 'a' of curve equation data in Octet-string network > > + * byte order format. > > + */ > > + > > + rte_crypto_xform_param b; > > + /**< Co-efficient 'a' of curve equation data in Octet-string network > > + * byte order format. > > + */ > > + > > + int h; > > + /**< Co-factor of the curve */ > > + > > +}; > > + > > +/** > > + * Asymmetric crypto transform data > > + * > > + * This structure contains the data required to perform the > > + * asymmetric crypto transformation operation. The field op > > + * determines the asymmetric algorithm for transformation. > > + */ > > +struct rte_crypto_asym_xform { > > + struct rte_crypto_asym_xform *next; > > + enum rte_crypto_asym_xform_type xform_type; > > + /**< Asymmetric algorithm for crypto transform */ > > + > > + RTE_STD_C11 > > + union { > > + struct rte_crypto_rsa_xform rsa; > > + struct rte_crypto_fecc_xform fecc; > > + struct rte_crypto_modex_xform modex; > > + struct rte_crypto_ecdsa_xform ecdsa; > > + struct rte_crypto_ecdh_xform ecdh; > > + struct rte_crypto_dsa_xform dsa; > > + }; > > +}; > > + > > +struct rte_cryptodev_asym_session; > > + > > +/** > > + * Crypto operation session type. This is used to specify whether a crypto > > + * operation has session structure attached for immutable parameters or if > > all > > + * operation information is included in the operation data structure. > > + */ > > +enum rte_crypto_asym_op_sess_type { > > + RTE_CRYPTO_ASYM_OP_WITH_SESSION, > > + /**< Session based crypto operation */ > > + RTE_CRYPTO_ASYM_OP_SESSIONLESS > > + /**< Session-less crypto operation */ > > +}; > > + > > +/** > > + * Asymmetric Cryptographic Operation. > > + * > > + * This structure contains data relating to performing asymmetric > > cryptographic > > + * operation. > > + * > > + */ > > +struct rte_crypto_asym_op { > > + > > + enum rte_crypto_asym_op_sess_type sess_type; > > + enum rte_crypto_asym_xform_type type; > > + > > + RTE_STD_C11 > > + union { > > + enum rte_crypto_rsa_optype rsa_op; > > + /**< Type of RSA operation for transform */; > > + enum rte_crypto_modex_optype modex_op; > > + /**< Type of modular exponentiation operation */ > > + enum rte_crypto_ecdsa_optype ecdsa_op; > > + /**< ECDSA crypto xform operation type */ > > + enum rte_crypto_fecc_optype fecc_op; > > + /**< ECDSA crypto xform operation type */ > > + enum rte_crypto_dsa_optype dsa_op; > > + /**< DSA crypto xform operation type */ > > + }; > > + > > + RTE_STD_C11 > > + union { > > + struct rte_cryptodev_asym_session *session; > > + /**< Handle for the initialised session context */ > > + struct rte_crypto_asym_xform *xform; > > + /**< Session-less API crypto operation parameters */ > > + }; > > + > > + RTE_STD_C11 > > + union { > > + > > + struct { > > + rte_crypto_op_param message; > > + /**< > > + * Pointer to data > > + * - to be encrypted for RSA public encrypt. > > + * - to be decrypted for RSA private decrypt. > > + * - to be signed for RSA sign generation. > > + * - to be authenticated for RSA sign verification. > > + */ > > + > > + rte_crypto_op_param sign; > > + /**< > > + * Pointer to RSA signature data. If operation is RSA > > + * sign @ref RTE_CRYPTO_RSA_OP_SIGN, buffer will be > > + * over-written with generated signature. > > + * > > + * Length of the signature data will be equal to the > > + * RSA prime modulus length. > > + */ > > + > > + enum rte_crypto_rsa_padding_type pad; > > + /**< RSA padding scheme to be used for transform */ > > + > > + enum rte_crypto_auth_algorithm md; > > + /**< Hash algorithm to be used for data hash if padding > > + * scheme is either OAEP or PSS. Valid hash algorithms > > + * are: > > + * MD5, SHA1, SHA224, SHA256, SHA384, SHA512 > > + */ > > + > > + enum rte_crypto_auth_algorithm mgf1md; > > + /**< > > + * Hash algorithm to be used for mask generation if > > + * padding scheme is either OAEP or PSS. If padding > > + * scheme is unspecified data hash algorithm is used > > + * for mask generation. Valid hash algorithms are: > > + * MD5, SHA1, SHA224, SHA256, SHA384, SHA512 > > + */ > > + } rsa; > > + > > + struct { > > + rte_crypto_op_param pub_key; > > + /**< > > + * If DH operation type is > > + * KEY_GENERATION: > > + * if priv_key and public key are provided, the keys > > + * are copied to DH xform structure, else key pair is > > + * generated and stored in DH xform structure. > > + * pub_key data should be in Octet-string network > > + * byte order format. > > + * > > + * KEY_COMPUTATION: > > + * pub_key holds the key shared by peer during DH > > + * key exchange. pub_key data is written as Octet- > > + * string network byte order format. > > + */ > > + RTE_STD_C11 > > + union { > > + rte_crypto_op_param priv_key; > > + /**< > > + * If DH operation type is KEY_GENERATION, and > > + * priv_key is provided, the key is copied to > > + * DH xform structure, else generated and stored > > + * in DH xform structure. priv_key data is in > > + * in Octet-string network byte order format. > > + */ > > + rte_crypto_op_param shared_key; > > + /* > > + * If DH operation type is KEY_COMPUTATION: > > + * shared_key holds the shared secret > > + * computed. shared_key is written as > > + * Octet-string network byte order format. > > + */ > > + }; > > + } dh; > > + > > + struct { > > + rte_crypto_op_param base; > > + /**< > > + * Pointer to base of modular exponentiation data in > > + * Octet-string network byte order format. > > + */ > > + } modex; > > + > > + struct { > > + rte_crypto_op_param priv_key; > > + /**< > > + * If ECDH operation type is KEY_GENERATION, and > > + * priv_key is provided, the key is copied to ECDH > > + * xform structure, else generated and stored in > > + * ECDH xform structure in Octet-string network byte > > + * order. > > + * If ECDH operation type is KEY_COMPUTATION: > > + * priv_key holds the 'X' co-ordinate of the shared > > + * secret EC point computed in Octet-string network > > + * byte order. > > + */ > > + > > + rte_crypto_ec_point pub_key; > > + /**< > > + * If ECDH operation type is > > + * KEY_GENERATION: > > + * if priv_key and public key are provided, the keys > > + * are copied ECDH xform structure, else key pair is > > + * generated and stored in ECDH xform structure. > > + * > > + * KEY_COMPUTATION: > > + * pub_key holds peer's public key during ECDH > > + * key exchange in Octet-string network byte order. > > + */ > > + } ecdh; > > + > > + struct { > > + rte_crypto_op_param message; > > + /**< > > + * Pointer to data > > + * - to be signed for ECDSA signature generation. > > + * - to be authenticated for ECDSA sign verification. > > + */ > > + > > + rte_crypto_op_param sign; > > + /**< > > + * Pointer to ECDSA signature. If operation type is > > + * @ref RTE_CRYPTO_ECDSA_OP_VERIFY this buffer will be > > + * over-written with the signature. > > + * > > + * Length of ECDSA signature will be less than twice the > > + * length of prime modulus length. > > + */ > > + > > + rte_crypto_op_param k; > > + /**< > > + * Pointer to random scalar to be used for generation > > + * of ECDSA signature @ref RTE_CRYPTO_ECDSA_OP_SIGN. > > + * It is invalid if operation is ECDSA verify. > > + * Scalar data is in Octet-string network byte order > > + * format. > > + * > > + * Length of scalar K should be less than the prime > > + * modulus of the curve > > + */ > > + } ecdsa; > > + > > + struct { > > + > > + rte_crypto_op_param message; > > + /**< > > + * Pointer to data > > + * - to be signed for DSA signature generation. > > + * - to be authenticated for DSA sign verification. > > + * > > + * Length of data to be signed, if is more than > > + * prime modulus length, is truncated to length of > > + * prime modulus. > > + */ > > + > > + rte_crypto_op_param k; > > + /**< > > + * Pointer to random scalar to be used for DSA > > + * signature generation. K should be a non-zero number > > + * less than q. k is in Octet-string network byte > > + * order format. > > + */ > > + > > + } dsa; > > + > > + struct { > > + struct rte_crypto_ec_point p; > > + /**< > > + * Pointer to primary curve point for fundamental > > + * ECC operation. Data is in Octet-string network > > + * byte order format. > > + * Length of data in bytes cannot exceed the prime > > + * modulus length of the curve. > > + */ > > + > > + struct rte_crypto_ec_point q; > > + /**< > > + * > > + * Pointer to secondary curve point for fundamental > > + * ECC operation. Data is in Octet-string network > > + * byte order format. > > + * > > + * Length of data in bytes cannot exceed the prime > > + * modulus length of the curve. This point is valid > > + * only for point addition optype > > + * RTE_CRYPTO_FECC_OP_POINT_ADD crypto transform. > > + */ > > + > > + rte_crypto_op_param k; > > + /**< > > + * Pointer to scalar data to be used only for point > > + * multiplication @ref RTE_CRYPTO_FECC_OP_POINT_MULTIPLY > > + * crypto transform. Data is in Octet-string network > > + * byte order format. > > + * > > + * Length of data in bytes cannot exceed the prime > > + * modulus length of the curve. > > + */ > > + > > + struct rte_crypto_ec_point r; > > + /**< > > + * Pointer to the resultant point on the curve after > > + * fundamental ECC crypto transform. Data is in > > + * Octet-string network byte order format. > > + * Length of data in bytes cannot exceed the prime > > + * modulus length of the curve. > > + */ > > + > > + } fecc; > > + > > + struct { > > + > > + rte_crypto_op_param prime; > > + /**< > > + * Pointer to the prime modulus data for modular > > + * inverse operation in Octet-string network byte > > + * order format. > > + */ > > + > > + rte_crypto_op_param base; > > + /**< > > + * Pointer to the base for the modular inverse > > + * operation in Octet-string network byte order > > + * format. > > + */ > > + } modinv; > > + }; > > + > > +} __rte_cache_aligned; > > + > > + > > + > > +/** > > + * Reset the fields of an asymmetric operation to their default values. > > + * > > + * @param op The crypto operation to be reset. > > + */ > > +static inline void > > +__rte_crypto_asym_op_reset(struct rte_crypto_asym_op *op) > > +{ > > + memset(op, 0, sizeof(*op)); > > + > > + op->sess_type = RTE_CRYPTO_ASYM_OP_SESSIONLESS; > > +} > > + > > + > > +/** > > + * Allocate space for asymmetric crypto xforms in the private data space > > of the > > + * crypto operation. This also defaults the crypto xform type to > > + * RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED and configures the chaining of the > > xforms > > + * in the crypto operation > > + * > > + * @return > > + * - On success returns pointer to first crypto xform in crypto operations > > chain > > + * - On failure returns NULL > > + */ > > +static inline struct rte_crypto_asym_xform * > > +__rte_crypto_asym_op_asym_xforms_alloc(struct rte_crypto_asym_op *asym_op, > > + void *priv_data, uint8_t nb_xforms) > > +{ > > + struct rte_crypto_asym_xform *xform; > > + > > + asym_op->xform = xform = (struct rte_crypto_asym_xform *)priv_data; > > + > > + do { > > + xform->type = RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED; > > + xform = xform->next = --nb_xforms > 0 ? xform + 1 : NULL; > > + } while (xform); > > + > > + return asym_op->xform; > > +} > > + > > + > > +/** > > + * Attach a session to an asymmetric crypto operation > > + * > > + * @param asym_op crypto operation > > + * @param sess cryptodev session > > + */ > > +static inline int > > +__rte_crypto_asym_op_attach_asym_session(struct rte_crypto_asym_op > > *asym_op, > > + struct rte_cryptodev_asym_session *sess) > > +{ > > + asym_op->session = sess; > > + asym_op->sess_type = RTE_CRYPTO_ASYM_OP_WITH_SESSION; > > + > > + return 0; > > +} > > + > > + > > +#ifdef __cplusplus > > +} > > +#endif > > + > > +#endif /* _RTE_CRYPTO_ASYM_H_ */ > > -- > > 1.8.3.1 > Regards, Umesh
