[dpdk-dev] [RFC] specifications for asymmetric crypto algorithms
This RFC contains specifications for asymmetric crypto algorithms.
Asymmetric crypto algorithms are essential part of protocols such as
SSL/TLS. As the current DPDK crypto library lacks support for asymmetric
crypto algorithms, this RFC is an attempt to address it.
Cavium offers PCI hardware accelerators that supports symmetric and
asymmetric crypto algorithms, of which a few are addressed in this RFC.
Once specifications are agreed upon, I can submit a patch for the same.
We will develop a poll mode driver which can offload to OpenSSL crypto
library and to Cavium crypto accelerator.
The asymmetric crypto algorithms supported in this version are:
1 RSA
- RSA Sign
- RSA Verify
- RSA Public Encrypt
- RSA Private Decrypt
Padding schemes supported for RSA operations are
* RSA PKCS#1 BT1
* RSA PKCS#1 BT2
* RSA PKCS#1 OAEP
* RSA PKCS#1 PSS
2 ECDSA
- ECDSA Sign
- ECDSA Verify
Curves supported for ECDSA operations are
* Prime192v1
* Secp224k1
* Prime256v1
* Secp384r1
* Secp521r1
3 MODEXP
4 FUNDAMENTAL ECC
- Point Addition
- Point Multiplication
- Point Doubling
Curves supported for fundamental ECC operations are same as that of
ECDSA operations.
Asymmetric crypto transform operations support both session oriented
mode (WIP) and session less mode. If the operation is sessionless, an
asymmetric crypto transform structure, containing immutable parameters,
is passed along with per-operation mutable parameters in the structure.
Specific structures were written to contain immutable parameters
depending on algorithm used for crypto transform operation. The
parameters and type of transform is distinguished by the algorithm for
which the transform structure is filled. For a particular asymmetric
algorithm, not all parameters will be used and hence not required to be
filled.
Unlike symmetric operations, asymmetric operations can have more than
one resultant component for a single transform. Hence, only for select
operation types do we use destination mbuf structure passed along with
other operation parameters. The lengths of input and output parameters
are fixed and short. Depending on the algorithm, the number of inputs to
crypto transform operation, both mutable and immutable parameters,
vary. Depending on the algorithm, the type of data expected at source
mbuf varies and has been described.
---
lib/librte_cryptodev/rte_crypto.h | 135 -
lib/librte_cryptodev/rte_crypto_asym.h | 881 +
2 files changed, 1013 insertions(+), 3 deletions(-)
create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h
diff --git lib/librte_cryptodev/rte_crypto.h lib/librte_cryptodev/rte_crypto.h
index 9019518..a8720bf 100644
--- lib/librte_cryptodev/rte_crypto.h
+++ lib/librte_cryptodev/rte_crypto.h
@@ -51,6 +51,7 @@
#include
#include "rte_crypto_sym.h"
+#include "rte_crypto_asym.h"
/** Crypto operation types */
enum rte_crypto_op_type {
@@ -58,6 +59,8 @@ enum rte_crypto_op_type {
/**< Undefined operation type */
RTE_CRYPTO_OP_TYPE_SYMMETRIC,
/**< Symmetric operation */
+ RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ /**< Asymmetric operation */
};
/** Status of crypto operation */
@@ -75,6 +78,29 @@ enum rte_crypto_op_status {
* Symmetric operation failed due to invalid session arguments, or if
* in session-less mode, failed to allocate private operation material.
*/
+ RTE_CRYPTO_OP_STATUS_RSA_DATA_TOO_LARGE,
+ /**< Length of data to be encrypted/signed is too large */
+ RTE_CRYPTO_OP_STATUS_PKCS_DECRYPT_FAILED,
+ /**<
+* PKCS decrypt operation failed due to bad padding.
+*/
+ RTE_CRYPTO_OP_STATUS_RSA_VERIFY_FAILED,
+ /**<
+* PKCS RSA signature verification failed.
+*/
+ RTE_CRYPTO_OP_STATUS_ECDSA_INVALID_SIGNATURE,
+ /**<
+* ECDSA signature generation failed due to either ECDSA_SIGN->r or
+* ECDSA_SIGN->s component being invalid.
+*/
+ RTE_CRYPTO_OP_STATUS_ECDSA_VERIFY_FAILED,
+ /**<
+* ECDSA signature verification failed.
+*/
+ RTE_CRYPTO_OP_STATUS_ECC_POINT_AT_INFINITY,
+ /**<
+* ECC Operation failed due to point at infinity
+*/
RTE_CRYPTO_OP_STATUS_INVALID_ARGS,
/**< Operation failed due to invalid arguments in request */
RTE_CRYPTO_OP_STATUS_ERROR,
@@ -116,6 +142,8 @@ struct rte_crypto_op {
union {
struct rte_crypto_sym_op *sym;
/**< Symmetric operation parameters */
+ struct rte_crypto_asym_op *asym;
+ /**< Asymmetric operation parameters */
}; /**< operation specific parameters */
} __rte_cache_aligned;
@@ -141,6 +169,14 @@ struct rte_crypto_op {
__rte_crypto_sym_op_reset(op->sym);
break;
+ case RTE_CRYPTO_OP_TYPE_ASYMMETRIC:
+ /** Asymmetri
Re: [dpdk-dev] [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms
Hi Fiona, On Mon, May 29, 2017 at 02:51:11PM +, Trahe, Fiona wrote: > Hi Umesh, > > > -Original Message- > > From: Umesh Kartha [mailto:umesh.kar...@caviumnetworks.com] > > Sent: Friday, May 26, 2017 8:18 AM > > To: Trahe, Fiona > > Cc: dev@dpdk.org; Jerin Jacob ; > > Balasubramanian Manoharan > > ; Ram Kumar ; > > Murthy > > Nidadavolu ; Doherty, Declan > > ; De Lara > > Guarch, Pablo > > Subject: Re: [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms > > > > Hi Fiona, > > > > > > On Thu, May 25, 2017 at 04:00:42PM +0000, Trahe, Fiona wrote: > > > Hi Umesh, > > > > > > > > > > -Original Message- > > > > From: Umesh Kartha [mailto:umesh.kar...@caviumnetworks.com] > > > > Sent: Thursday, May 11, 2017 1:36 PM > > > > To: dev@dpdk.org > > > > Cc: Jerin Jacob ; Balasubramanian > > > > Manoharan > > > > ; Ram Kumar > > > > ; Murthy > > > > Nidadavolu ; Doherty, Declan > > > > ; De > > Lara > > > > Guarch, Pablo ; Trahe, Fiona > > > > > > > > Subject: [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms > > > > > > > > Added asymmetric xform structures, operation definitions, operation > > > > parameters. Added asymmetric algorithms RSA, DH, ECDH, DSA, ECDSA, > > > > MODEXP, FECC, MOD-INVERSE. Added curves (all curves supported by > > > > libcrypto as of now). > > > > > > > > Signed-off-by: Umesh Kartha > > > > --- > > > > lib/librte_cryptodev/rte_crypto_asym.h | 1124 > > > > > > > > 1 file changed, 1124 insertions(+) > > > > create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h > > > > > > > > diff --git lib/librte_cryptodev/rte_crypto_asym.h > > > > lib/librte_cryptodev/rte_crypto_asym.h > > > > new file mode 100644 > > > > index 000..36a8b4f > > > > --- /dev/null > > > > +++ lib/librte_cryptodev/rte_crypto_asym.h > > > > @@ -0,0 +1,1124 @@ > > > > +/* > > > > + * BSD LICENSE > > > > + * > > > > + * Copyright (C) Cavium networks Ltd. 2017. > > > > + * > > > > + * Redistribution and use in source and binary forms, with or without > > > > + * modification, are permitted provided that the following conditions > > > > + * are met: > > > > + * > > > > + * * Redistributions of source code must retain the above copyright > > > > + * notice, this list of conditions and the following disclaimer. > > > > + * * Redistributions in binary form must reproduce the above > > > > copyright > > > > + * notice, this list of conditions and the following disclaimer > > > > in > > > > + * the documentation and/or other materials provided with the > > > > + * distribution. > > > > + * * Neither the name of Cavium Networks nor the names of its > > > > + * contributors may be used to endorse or promote products > > > > derived > > > > + * from this software without specific prior written permission. > > > > + * > > > > + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND > > > > CONTRIBUTORS > > > > + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > > > > + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS > > > > FOR > > > > + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE > > > > COPYRIGHT > > > > + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, > > > > INCIDENTAL, > > > > + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT > > > > + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF > > > > USE, > > > > + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON > > > > ANY > > > > + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR > > > > TORT > > > > + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE > > > > USE > > > > + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH > > > > DAMAGE. > > > > + */ > > > > + > > > > +#
Re: [dpdk-dev] [RFC] specifications for asymmetric crypto algorithms
Hi Fiona,
Sorry for the delay in response and thanks for the feedback. I have
included the suggested changes for v2. Please find comments inline.
On Thu, Apr 06, 2017 at 11:39:42AM +, Trahe, Fiona wrote:
> Hi Umesh,
>
> > -Original Message-
> > From: dev [mailto:dev-boun...@dpdk.org] On Behalf Of Umesh Kartha
> > Sent: Wednesday, March 22, 2017 10:17 AM
> > To: dev@dpdk.org
> > Cc: Jerin Jacob ; Balasubramanian
> > Manoharan ; Ram Kumar
> > ; Murthy Nidadavolu
> > ; Doherty, Declan
> > ; De Lara Guarch, Pablo
> >
> > Subject: [dpdk-dev] [RFC] specifications for asymmetric crypto algorithms
> >
> >
> > This RFC contains specifications for asymmetric crypto algorithms.
> > Asymmetric crypto algorithms are essential part of protocols such as
> > SSL/TLS. As the current DPDK crypto library lacks support for asymmetric
> > crypto algorithms, this RFC is an attempt to address it.
> >
>
> I agree with Declan that it's great to see this RFC and the expansion to
> the cryptodev framework functionality.
> Some comments below - marked with [Fiona] to find more easily.
>
> > Cavium offers PCI hardware accelerators that supports symmetric and
> > asymmetric crypto algorithms, of which a few are addressed in this RFC.
> > Once specifications are agreed upon, I can submit a patch for the same.
> > We will develop a poll mode driver which can offload to OpenSSL crypto
> > library and to Cavium crypto accelerator.
>
> [Fiona] great. Implementing both HW and openssl-based SW PMDs will help
> to refine the API and ensure it's as generic as possible.
>
> >
> > The asymmetric crypto algorithms supported in this version are:
> >
> > 1 RSA
> > - RSA Sign
> > - RSA Verify
> > - RSA Public Encrypt
> > - RSA Private Decrypt
> >
> > Padding schemes supported for RSA operations are
> > * RSA PKCS#1 BT1
> > * RSA PKCS#1 BT2
> > * RSA PKCS#1 OAEP
> > * RSA PKCS#1 PSS
> >
> > 2 ECDSA
> > - ECDSA Sign
> > - ECDSA Verify
> >
> > Curves supported for ECDSA operations are
> > * Prime192v1
> > * Secp224k1
> > * Prime256v1
> > * Secp384r1
> > * Secp521r1
> >
> > 3 MODEXP
> >
> > 4 FUNDAMENTAL ECC
> > - Point Addition
> > - Point Multiplication
> > - Point Doubling
> >
> >Curves supported for fundamental ECC operations are same as that of
> >ECDSA operations.
> >
> > Asymmetric crypto transform operations support both session oriented
> > mode (WIP) and session less mode. If the operation is sessionless, an
> > asymmetric crypto transform structure, containing immutable parameters,
> > is passed along with per-operation mutable parameters in the structure.
> > Specific structures were written to contain immutable parameters
> > depending on algorithm used for crypto transform operation. The
> > parameters and type of transform is distinguished by the algorithm for
> > which the transform structure is filled. For a particular asymmetric
> > algorithm, not all parameters will be used and hence not required to be
> > filled.
> >
> > Unlike symmetric operations, asymmetric operations can have more than
> > one resultant component for a single transform. Hence, only for select
> > operation types do we use destination mbuf structure passed along with
> > other operation parameters. The lengths of input and output parameters
> > are fixed and short. Depending on the algorithm, the number of inputs to
> > crypto transform operation, both mutable and immutable parameters,
> > vary. Depending on the algorithm, the type of data expected at source
> > mbuf varies and has been described.
> >
> > ---
> > lib/librte_cryptodev/rte_crypto.h | 135 -
> > lib/librte_cryptodev/rte_crypto_asym.h | 881
> > +
> > 2 files changed, 1013 insertions(+), 3 deletions(-)
> > create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h
> >
> > diff --git lib/librte_cryptodev/rte_crypto.h
> > lib/librte_cryptodev/rte_crypto.h
> > index 9019518..a8720bf 100644
> > --- lib/librte_cryptodev/rte_crypto.h
> > +++ lib/librte_cryptodev/rte_crypto.h
> > @@ -51,6 +51,7 @@
> > #include
> >
> > #include "rte_crypto_sym.h"
> > +#include "rte_crypto_asym.h"
> >
> > /** Crypto operation types */
> > enum rte_crypto_op_type {
> > @@ -58,6 +59,8 @@ enum rte_crypto_op_type {
>
[dpdk-dev] [RFC PATCH v2 0/3] specifications for asymmetric crypto algorithms
This RFC contains specifications for asymmetric crypto algorithms. Asymmetric crypto algorithms are essential part of protocols such as SSL/TLS. As the current DPDK crypto library lacks support for asymmetric crypto algorithms, this RFC is an attempt to address it. Cavium offers PCI hardware accelerators that supports symmetric and asymmetric crypto algorithms, of which a few are addressed in this RFC. Once specifications are agreed upon, I can submit a patch for the same. We will develop a poll mode driver which can offload to OpenSSL crypto library and to Cavium crypto accelerator. The asymmetric crypto algorithms supported in this version are: 1 RSA - RSA Sign - RSA Verify - RSA Public Encrypt - RSA Private Decrypt Padding schemes supported for RSA operations are * RSA PKCS#1 BT1 * RSA PKCS#1 BT2 * RSA PKCS#1 OAEP * RSA PKCS#1 PSS 2 DH - DH generate key - DH compute key 3 ECDH - ECDH generate key - ECDH check key - ECDH compute key 4 DSA - DSA Sign - DSA Verify 5 ECDSA - ECDSA Sign - ECDSA Verify 6 MODEXP 7 FUNDAMENTAL ECC - Point Addition - Point Multiplication - Point Doubling 8 MODULAR INVERSE Asymmetric crypto transform operations support both session oriented mode and session less mode. If the operation is sessionless, an asymmetric crypto transform structure, containing immutable parameters, is passed along with per-operation mutable parameters in the structure. Specific structures were written to contain immutable parameters depending on algorithm used for crypto transform operation. The parameters and type of transform is distinguished by the algorithm for which the transform structure is filled. For a particular asymmetric algorithm, not all parameters will be used and hence not required to be filled. Changes from RFC v1: Added additional algorithms : DH/ECDH/MODINVERSE/DSA Added additional curves for ECC operations: All cuves supported by libcrypto. As per the comments received for RFC v1: - removed mbufs from asymmetric crypto operation structure. - added separate queue pair in device structure to handle asymmetric crypto operations. - added APIs to start/stop/initialize queue pairs to handle asymmetric crypto operations. - added asymmetric session structure and related APIs to handle session operations (initialize/allocate/free) etc. RFC v1: http://dpdk.org/ml/archives/dev/2017-March/060869.html Umesh Kartha (3): cryptodev: added asymmetric algorithms cryptodev: asymmetric algorithm capability definitions cryptodev: added asym queue pair, session apis lib/librte_cryptodev/rte_crypto.h| 135 +++- lib/librte_cryptodev/rte_crypto_asym.h | 1124 ++ lib/librte_cryptodev/rte_cryptodev.c | 782 - lib/librte_cryptodev/rte_cryptodev.h | 414 +++ lib/librte_cryptodev/rte_cryptodev_pmd.h | 113 +++ 5 files changed, 2564 insertions(+), 4 deletions(-) create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h -- 1.8.3.1
[dpdk-dev] [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms
Added asymmetric xform structures, operation definitions, operation
parameters. Added asymmetric algorithms RSA, DH, ECDH, DSA, ECDSA,
MODEXP, FECC, MOD-INVERSE. Added curves (all curves supported by
libcrypto as of now).
Signed-off-by: Umesh Kartha
---
lib/librte_cryptodev/rte_crypto_asym.h | 1124
1 file changed, 1124 insertions(+)
create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h
diff --git lib/librte_cryptodev/rte_crypto_asym.h
lib/librte_cryptodev/rte_crypto_asym.h
new file mode 100644
index 000..36a8b4f
--- /dev/null
+++ lib/librte_cryptodev/rte_crypto_asym.h
@@ -0,0 +1,1124 @@
+/*
+ * BSD LICENSE
+ *
+ * Copyright (C) Cavium networks Ltd. 2017.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Cavium Networks nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _RTE_CRYPTO_ASYM_H_
+#define _RTE_CRYPTO_ASYM_H_
+
+/**
+ * @file rte_crypto_asym.h
+ *
+ * RTE Definitions for Asymmetric Cryptography
+ *
+ * Defines asymmetric algorithms and modes, as well as supported
+ * asymmetric crypto operations.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include "rte_crypto_sym.h"
+
+typedef struct rte_crypto_xform_param_t {
+ uint8_t *data;
+ size_t length;
+} rte_crypto_xform_param;
+
+typedef struct rte_crypto_op_param_t {
+ uint8_t *data;
+ phys_addr_t phys_addr;
+ size_t length;
+} rte_crypto_op_param;
+
+/** Asymmetric crypto transformation types */
+enum rte_crypto_asym_xform_type {
+ RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED = 0,
+ RTE_CRYPTO_ASYM_XFORM_RSA,
+ RTE_CRYPTO_ASYM_XFORM_MODEX,
+ RTE_CRYPTO_ASYM_XFORM_DH,
+ RTE_CRYPTO_ASYM_XFORM_ECDH,
+ RTE_CRYPTO_ASYM_XFORM_DSA,
+ RTE_CRYPTO_ASYM_XFORM_ECDSA,
+ RTE_CRYPTO_ASYM_XFORM_FECC,
+ RTE_CRYPTO_ASYM_XFORM_MODINV,
+ RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
+};
+
+/**
+ * RSA operation type variants
+ */
+enum rte_crypto_rsa_optype {
+ RTE_CRYPTO_RSA_OP_NOT_SPECIFIED = 1,
+ /**< RSA operation unspecified */
+ RTE_CRYPTO_RSA_OP_PUBLIC_ENCRYPT,
+ /**< RSA public encrypt operation */
+ RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT,
+ /**< RSA private decrypt operation */
+ RTE_CRYPTO_RSA_OP_SIGN,
+ /**< RSA private key signature operation */
+ RTE_CRYPTO_RSA_OP_VERIFY,
+ /**< RSA public key verification operation */
+ RTE_CRYPTO_RSA_OP_LIST_END
+};
+
+/**
+ * Padding types for RSA signature.
+ */
+enum rte_crypto_rsa_padding_type {
+ RTE_CRYPTO_RSA_PADDING_NOT_SPECIFIED = 1,
+ /**< RSA no padding scheme */
+ RTE_CRYPTO_RSA_PADDING_BT1,
+ /**< RSA PKCS#1 padding BT1 scheme */
+ RTE_CRYPTO_RSA_PADDING_BT2,
+ /**< RSA PKCS#1 padding BT2 scheme */
+ RTE_CRYPTO_RSA_PADDING_OAEP,
+ /**< RSA PKCS#1 OAEP padding scheme */
+ RTE_CRYPTO_RSA_PADDING_PSS,
+ /**< RSA PKCS#1 PSS padding scheme */
+ RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
+};
+
+/**
+ * Modular exponentiaion operation type variants
+ */
+enum rte_crypto_modex_optype {
+ RTE_CRYPTO_MODEX_OP_NOT_SPECIFIED = 1,
+ /**< ModEx operation type unspecified */
+ RTE_CRYPTO_MODEX_OP_MODEX,
+ /**< Modex operation modular exponentiation */
+ RTE_CRYPTO_MODEX_OP_LIST_END
+};
+
+/**
+ * Modular Inverse operation type variants
+ */
+enum rte_
[dpdk-dev] [RFC PATCH v2 2/3] cryptodev: asymmetric algorithm capability definitions
Added asymmetric algorithm capability structures, operation error codes,
application helper functions. Added asymmetric algorithm/operation
variants, capability query APIs.
Signed-off-by: Umesh Kartha
---
lib/librte_cryptodev/rte_crypto.h| 135 ++-
lib/librte_cryptodev/rte_cryptodev.c | 430 +++
lib/librte_cryptodev/rte_cryptodev.h | 334 +++
3 files changed, 896 insertions(+), 3 deletions(-)
diff --git lib/librte_cryptodev/rte_crypto.h lib/librte_cryptodev/rte_crypto.h
index 9019518..a8720bf 100644
--- lib/librte_cryptodev/rte_crypto.h
+++ lib/librte_cryptodev/rte_crypto.h
@@ -51,6 +51,7 @@
#include
#include "rte_crypto_sym.h"
+#include "rte_crypto_asym.h"
/** Crypto operation types */
enum rte_crypto_op_type {
@@ -58,6 +59,8 @@ enum rte_crypto_op_type {
/**< Undefined operation type */
RTE_CRYPTO_OP_TYPE_SYMMETRIC,
/**< Symmetric operation */
+ RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ /**< Asymmetric operation */
};
/** Status of crypto operation */
@@ -75,6 +78,29 @@ enum rte_crypto_op_status {
* Symmetric operation failed due to invalid session arguments, or if
* in session-less mode, failed to allocate private operation material.
*/
+ RTE_CRYPTO_OP_STATUS_RSA_DATA_TOO_LARGE,
+ /**< Length of data to be encrypted/signed is too large */
+ RTE_CRYPTO_OP_STATUS_PKCS_DECRYPT_FAILED,
+ /**<
+* PKCS decrypt operation failed due to bad padding.
+*/
+ RTE_CRYPTO_OP_STATUS_RSA_VERIFY_FAILED,
+ /**<
+* PKCS RSA signature verification failed.
+*/
+ RTE_CRYPTO_OP_STATUS_ECDSA_INVALID_SIGNATURE,
+ /**<
+* ECDSA signature generation failed due to either ECDSA_SIGN->r or
+* ECDSA_SIGN->s component being invalid.
+*/
+ RTE_CRYPTO_OP_STATUS_ECDSA_VERIFY_FAILED,
+ /**<
+* ECDSA signature verification failed.
+*/
+ RTE_CRYPTO_OP_STATUS_ECC_POINT_AT_INFINITY,
+ /**<
+* ECC Operation failed due to point at infinity
+*/
RTE_CRYPTO_OP_STATUS_INVALID_ARGS,
/**< Operation failed due to invalid arguments in request */
RTE_CRYPTO_OP_STATUS_ERROR,
@@ -116,6 +142,8 @@ struct rte_crypto_op {
union {
struct rte_crypto_sym_op *sym;
/**< Symmetric operation parameters */
+ struct rte_crypto_asym_op *asym;
+ /**< Asymmetric operation parameters */
}; /**< operation specific parameters */
} __rte_cache_aligned;
@@ -141,6 +169,14 @@ struct rte_crypto_op {
__rte_crypto_sym_op_reset(op->sym);
break;
+ case RTE_CRYPTO_OP_TYPE_ASYMMETRIC:
+ /** Asymmetric operation structure starts after the end of the
+* rte_crypto_op strucutre.
+*/
+ op->asym = (struct rte_crypto_asym_op *)(op + 1);
+ op->type = type;
+
+ __rte_crypto_asym_op_reset(op->asym);
default:
break;
}
@@ -303,13 +339,25 @@ struct rte_crypto_op_pool_private {
__rte_crypto_op_get_priv_data(struct rte_crypto_op *op, uint32_t size)
{
uint32_t priv_size;
+ int type = op->type;
if (likely(op->mempool != NULL)) {
priv_size = __rte_crypto_op_get_priv_data_size(op->mempool);
- if (likely(priv_size >= size))
- return (void *)((uint8_t *)(op + 1) +
+ if (likely(priv_size >= size)) {
+ switch (type) {
+ case RTE_CRYPTO_OP_TYPE_SYMMETRIC:
+ return (void *)((uint8_t *)(op + 1) +
sizeof(struct rte_crypto_sym_op));
+ break;
+ case RTE_CRYPTO_OP_TYPE_ASYMMETRIC:
+ return (void *)((uint8_t *)(op + 1) +
+ sizeof(struct rte_crypto_asym_op));
+ break;
+ default:
+ break;
+ }
+ }
}
return NULL;
@@ -320,7 +368,7 @@ struct rte_crypto_op_pool_private {
* If operation has been allocate from a rte_mempool, then the operation will
* be returned to the mempool.
*
- * @param op symmetric crypto operation
+ * @param op crypto operation
*/
static inline void
rte_crypto_op_free(struct rte_crypto_op *op)
@@ -410,6 +458,87 @@ struct rte_crypto_op_pool_private {
return __rte_crypto_sym_op_attach_sym_session(op->sym, sess);
}
+/**
+ * Allocate an asymmetric crypto operation in the private data of an mbuf.
+ *
+ * @param m mbuf which is associated with the crypto
[dpdk-dev] [RFC PATCH v2 3/3] cryptodev: added asym queue pair and session apis
Added asymmetric operation queue pairs to device file. Added asymmetric
session creation/initialisation/deletion APIs. Added asymmetric queue
pair APIs to device ops. Added APIs to attach asym session to queue
pairs.
Signed-off-by: Umesh Kartha
---
lib/librte_cryptodev/rte_cryptodev.c | 352 ++-
lib/librte_cryptodev/rte_cryptodev.h | 80 +++
lib/librte_cryptodev/rte_cryptodev_pmd.h | 113 ++
3 files changed, 544 insertions(+), 1 deletion(-)
diff --git lib/librte_cryptodev/rte_cryptodev.c
lib/librte_cryptodev/rte_cryptodev.c
index abcdeb0..d4e943c 100644
--- lib/librte_cryptodev/rte_cryptodev.c
+++ lib/librte_cryptodev/rte_cryptodev.c
@@ -1242,6 +1242,15 @@ struct rte_cryptodev *
return dev->data->nb_queue_pairs;
}
+uint16_t
+rte_cryptodev_asym_queue_pair_count(uint8_t dev_id)
+{
+ struct rte_cryptodev *dev;
+
+ dev = &rte_crypto_devices[dev_id];
+ return dev->data->asym_nb_queue_pairs;
+}
+
static int
rte_cryptodev_queue_pairs_config(struct rte_cryptodev *dev, uint16_t nb_qpairs,
int socket_id)
@@ -1320,6 +1329,87 @@ struct rte_cryptodev *
return 0;
}
+static int
+rte_cryptodev_asym_queue_pairs_config(struct rte_cryptodev *dev,
+ uint16_t nb_qpairs, int socket_id)
+{
+ struct rte_cryptodev_info dev_info;
+ void **qp;
+ unsigned i;
+ uint16_t sym_nb_qps = dev->data->nb_queue_pairs;
+
+ if ((dev == NULL) || (nb_qpairs < 1)) {
+ CDEV_LOG_ERR("invalid param: dev %p, nb_queues %u",
+ dev, nb_qpairs);
+ return -EINVAL;
+ }
+
+ CDEV_LOG_DEBUG("Setup asym %d queues pairs on device %u",
+ nb_qpairs, dev->data->dev_id);
+
+ memset(&dev_info, 0, sizeof(struct rte_cryptodev_info));
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->dev_infos_get, -ENOTSUP);
+ (*dev->dev_ops->dev_infos_get)(dev, &dev_info);
+
+ if ((nb_qpairs + sym_nb_qps) > (dev_info.max_nb_queue_pairs)) {
+ CDEV_LOG_ERR("Invalid num asym queue_pairs (%u) for dev %u",
+ nb_qpairs, dev->data->dev_id);
+ return -EINVAL;
+ }
+
+ if (dev->data->asym_queue_pairs == NULL) {
+ /* first time configuration */
+ dev->data->asym_queue_pairs = rte_zmalloc_socket(
+ "cryptodev->queue_pairs",
+ sizeof(dev->data->asym_queue_pairs[0]) * nb_qpairs,
+ RTE_CACHE_LINE_SIZE, socket_id);
+
+ if (dev->data->asym_queue_pairs == NULL) {
+ dev->data->asym_nb_queue_pairs = 0;
+ CDEV_LOG_ERR("failed to get memory for asym "
+"qp meta data, "
+ "nb_queues %u",
+ nb_qpairs);
+ return -(ENOMEM);
+ }
+ } else { /* re-configure */
+ int ret;
+ uint16_t old_nb_queues = dev->data->asym_nb_queue_pairs;
+
+ qp = dev->data->asym_queue_pairs;
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->queue_pair_release,
+ -ENOTSUP);
+
+ for (i = nb_qpairs; i < old_nb_queues; i++) {
+ ret = (*dev->dev_ops->queue_pair_release)(dev, i);
+ if (ret < 0)
+ return ret;
+ }
+
+ qp = rte_realloc(qp, sizeof(qp[0]) * nb_qpairs,
+ RTE_CACHE_LINE_SIZE);
+ if (qp == NULL) {
+ CDEV_LOG_ERR("failed to realloc asym qp meta data,"
+ " nb_queues %u", nb_qpairs);
+ return -(ENOMEM);
+ }
+
+ if (nb_qpairs > old_nb_queues) {
+ uint16_t new_qs = nb_qpairs - old_nb_queues;
+
+ memset(qp + old_nb_queues, 0,
+ sizeof(qp[0]) * new_qs);
+ }
+
+ dev->data->asym_queue_pairs = qp;
+
+ }
+ dev->data->asym_nb_queue_pairs = nb_qpairs;
+ return 0;
+}
+
int
rte_cryptodev_queue_pair_start(uint8_t dev_id, uint16_t queue_pair_id)
{
@@ -1368,6 +1458,10 @@ struct rte_cryptodev *
rte_cryptodev_sym_session_pool_create(struct rte_cryptodev *dev,
unsigned nb_objs, unsigned obj_cache_size, int socket_id);
+static int
+rte_cryptodev_asym_session_pool_create(struct rte_cryptodev *dev,
+ unsigned nb_objs, unsigned obj_cache_size, int socket_id);
+
int
rte_crypt
Re: [dpdk-dev] [RFC PATCH v2 0/3] specifications for asymmetric crypto algorithms
Hi Neil, On Fri, May 12, 2017 at 08:15:57AM -0400, Neil Horman wrote: > On Thu, May 11, 2017 at 06:05:29PM +0530, Umesh Kartha wrote: > > This RFC contains specifications for asymmetric crypto algorithms. > > Asymmetric crypto algorithms are essential part of protocols such as > > SSL/TLS. As the current DPDK crypto library lacks support for asymmetric > > crypto algorithms, this RFC is an attempt to address it. > > > > Cavium offers PCI hardware accelerators that supports symmetric and > > asymmetric crypto algorithms, of which a few are addressed in this RFC. > > Once specifications are agreed upon, I can submit a patch for the same. > > We will develop a poll mode driver which can offload to OpenSSL crypto > > library and to Cavium crypto accelerator. > > > > The asymmetric crypto algorithms supported in this version are: > > > This all appears to modify the cryptodev api, but I don't see where said > modification was announced. > > Additionally, I don't see modifications to a map file to export the api > symbols. > Have you tested this in a shared library build? > > Neil > This is just an RFC for asymmetric crypto operation specifications. The specifications are not finalised. Once the specifications are finalised, support for asymmetric algorithms will be added to OpenSSL PMD. > > 1 RSA > > - RSA Sign > > - RSA Verify > > - RSA Public Encrypt > > - RSA Private Decrypt > > > > Padding schemes supported for RSA operations are > > * RSA PKCS#1 BT1 > > * RSA PKCS#1 BT2 > > * RSA PKCS#1 OAEP > > * RSA PKCS#1 PSS > > > > 2 DH > > - DH generate key > > - DH compute key > > > > 3 ECDH > > - ECDH generate key > > - ECDH check key > > - ECDH compute key > > > > 4 DSA > > - DSA Sign > > - DSA Verify > > > > 5 ECDSA > > - ECDSA Sign > > - ECDSA Verify > > > > 6 MODEXP > > > > 7 FUNDAMENTAL ECC > > - Point Addition > > - Point Multiplication > > - Point Doubling > > > > 8 MODULAR INVERSE > > > > > > Asymmetric crypto transform operations support both session oriented > > mode and session less mode. If the operation is sessionless, an > > asymmetric crypto transform structure, containing immutable parameters, > > is passed along with per-operation mutable parameters in the structure. > > Specific structures were written to contain immutable parameters > > depending on algorithm used for crypto transform operation. The > > parameters and type of transform is distinguished by the algorithm for > > which the transform structure is filled. For a particular asymmetric > > algorithm, not all parameters will be used and hence not required to be > > filled. > > > > Changes from RFC v1: > > > > Added additional algorithms : DH/ECDH/MODINVERSE/DSA > > Added additional curves for ECC operations: All cuves supported by > > libcrypto. > > As per the comments received for RFC v1: > > - removed mbufs from asymmetric crypto operation structure. > > - added separate queue pair in device structure to handle asymmetric crypto > >operations. > > - added APIs to start/stop/initialize queue pairs to handle asymmetric > > crypto > >operations. > > - added asymmetric session structure and related APIs to handle session > >operations (initialize/allocate/free) etc. > > > > RFC v1: http://dpdk.org/ml/archives/dev/2017-March/060869.html > > > > Umesh Kartha (3): > > cryptodev: added asymmetric algorithms > > cryptodev: asymmetric algorithm capability definitions > > cryptodev: added asym queue pair, session apis > > > > lib/librte_cryptodev/rte_crypto.h| 135 +++- > > lib/librte_cryptodev/rte_crypto_asym.h | 1124 > > ++ > > lib/librte_cryptodev/rte_cryptodev.c | 782 - > > lib/librte_cryptodev/rte_cryptodev.h | 414 +++ > > lib/librte_cryptodev/rte_cryptodev_pmd.h | 113 +++ > > 5 files changed, 2564 insertions(+), 4 deletions(-) > > create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h > > > > -- > > 1.8.3.1 > > > > Regards, Umesh
Re: [dpdk-dev] [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms
Hi Fiona,
On Thu, May 25, 2017 at 04:00:42PM +, Trahe, Fiona wrote:
> Hi Umesh,
>
>
> > -Original Message-
> > From: Umesh Kartha [mailto:umesh.kar...@caviumnetworks.com]
> > Sent: Thursday, May 11, 2017 1:36 PM
> > To: dev@dpdk.org
> > Cc: Jerin Jacob ; Balasubramanian
> > Manoharan
> > ; Ram Kumar ;
> > Murthy
> > Nidadavolu ; Doherty, Declan
> > ; De Lara
> > Guarch, Pablo ; Trahe, Fiona
> >
> > Subject: [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms
> >
> > Added asymmetric xform structures, operation definitions, operation
> > parameters. Added asymmetric algorithms RSA, DH, ECDH, DSA, ECDSA,
> > MODEXP, FECC, MOD-INVERSE. Added curves (all curves supported by
> > libcrypto as of now).
> >
> > Signed-off-by: Umesh Kartha
> > ---
> > lib/librte_cryptodev/rte_crypto_asym.h | 1124
> >
> > 1 file changed, 1124 insertions(+)
> > create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h
> >
> > diff --git lib/librte_cryptodev/rte_crypto_asym.h
> > lib/librte_cryptodev/rte_crypto_asym.h
> > new file mode 100644
> > index 000..36a8b4f
> > --- /dev/null
> > +++ lib/librte_cryptodev/rte_crypto_asym.h
> > @@ -0,0 +1,1124 @@
> > +/*
> > + * BSD LICENSE
> > + *
> > + * Copyright (C) Cavium networks Ltd. 2017.
> > + *
> > + * Redistribution and use in source and binary forms, with or without
> > + * modification, are permitted provided that the following conditions
> > + * are met:
> > + *
> > + * * Redistributions of source code must retain the above copyright
> > + * notice, this list of conditions and the following disclaimer.
> > + * * Redistributions in binary form must reproduce the above copyright
> > + * notice, this list of conditions and the following disclaimer in
> > + * the documentation and/or other materials provided with the
> > + * distribution.
> > + * * Neither the name of Cavium Networks nor the names of its
> > + * contributors may be used to endorse or promote products derived
> > + * from this software without specific prior written permission.
> > + *
> > + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> > + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> > + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> > + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> > + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> > + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> > + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> > + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> > + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> > + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> > + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> > + */
> > +
> > +#ifndef _RTE_CRYPTO_ASYM_H_
> > +#define _RTE_CRYPTO_ASYM_H_
> > +
> > +/**
> > + * @file rte_crypto_asym.h
> > + *
> > + * RTE Definitions for Asymmetric Cryptography
> > + *
> > + * Defines asymmetric algorithms and modes, as well as supported
> > + * asymmetric crypto operations.
> > + */
> > +
> > +#ifdef __cplusplus
> > +extern "C" {
> > +#endif
> > +
> > +#include
> > +#include
> > +#include
> > +#include
> > +#include
> > +#include
> > +#include "rte_crypto_sym.h"
> > +
> > +typedef struct rte_crypto_xform_param_t {
> > + uint8_t *data;
> > + size_t length;
> > +} rte_crypto_xform_param;
> > +
> > +typedef struct rte_crypto_op_param_t {
> > + uint8_t *data;
> > + phys_addr_t phys_addr;
> > + size_t length;
> > +} rte_crypto_op_param;
> [Fiona] Are both above lengths in bytes ?
>
>
[Umesh] Yes, they are in bytes. Will add note for this to avoid any
confusion.
> > +
> > +/** Asymmetric crypto transformation types */
> > +enum rte_crypto_asym_xform_type {
> > + RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED = 0,
> > + RTE_CRYPTO_ASYM_XFORM_RSA,
> > + RTE_CRYPTO_ASYM_XFORM_MODEX,
> > + RTE_CRYPTO_ASYM_XFORM_DH,
> > + RTE_CRYPTO_ASYM_XFORM_ECDH,
> > + RTE_CRYPTO_ASYM_XFORM_DSA,
> > + RTE_CRYPTO_ASYM_XFORM_ECDSA,
>
