DPDK patches and discussions
 help / color / mirror / Atom feed
From: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>
To: Anoob Joseph <anoobj@marvell.com>,
	Akhil Goyal <akhil.goyal@nxp.com>,
	"Doherty, Declan" <declan.doherty@intel.com>,
	"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>
Cc: Ayuj Verma <ayverma@marvell.com>,
	"Trahe, Fiona" <fiona.trahe@intel.com>,
	 Jerin Jacob <jerinj@marvell.com>,
	Narayana Prasad <pathreya@marvell.com>,
	 Shally Verma <shallyv@marvell.com>,
	Ankur Dwivedi <adwivedi@marvell.com>,
	 Sunila Sahu <ssahu@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH 1/4] lib/crypto: add support for ECDSA
Date: Fri, 20 Dec 2019 16:05:51 +0000	[thread overview]
Message-ID: <BYAPR11MB38310C19E20E2B5C053D53319F2D0@BYAPR11MB3831.namprd11.prod.outlook.com> (raw)
In-Reply-To: <1575546206-2478-2-git-send-email-anoobj@marvell.com>

Hi Anoob,

Few suggestions inline.

>  ;
>  [Asymmetric]
> -RSA =
> -DSA =
> -Modular Exponentiation =
> -Modular Inversion =
> -Diffie-hellman =
> \ No newline at end of file
> +RSA                     =
> +DSA                     =
> +Modular Exponentiation  =
> +Modular Inversion       =
> +Diffie-hellman          =
> +ECDSA                   =
> diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> b/lib/librte_cryptodev/rte_crypto_asym.h
> index 0d34ce8..dd5e6e3 100644
> --- a/lib/librte_cryptodev/rte_crypto_asym.h
> +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> @@ -81,6 +81,10 @@ enum rte_crypto_asym_xform_type {
>  	/**< Modular Exponentiation
>  	 * Perform Modular Exponentiation b^e mod n
>  	 */
> +	RTE_CRYPTO_ASYM_XFORM_ECDSA,
> +	/**< Elliptic Curve Digital Signature Algorithm
> +	 * Perform Signature Generation and Verification.
> +	 */
>  	RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
>  	/**< End of list */
>  };
> @@ -319,6 +323,46 @@ struct rte_crypto_dsa_xform {  };
> 
>  /**
> + * TLS named curves
> + * https://www.iana.org/assignments/tls-parameters/
> + * tls-parameters.xhtml#tls-parameters-8
> + * secp192r1 = 19,
> + * secp224r1 = 21,
> + * secp256r1 = 23,
> + * secp384r1 = 24,
> + * secp521r1 = 25,
> + */
> +enum rte_crypto_ec_group {
> +	RTE_CRYPTO_EC_GROUP_UNKNOWN  = 0,
> +	RTE_CRYPTO_EC_GROUP_NISTP192 = 19,
> +	RTE_CRYPTO_EC_GROUP_NISTP224 = 21,
> +	RTE_CRYPTO_EC_GROUP_NISTP256 = 23,
> +	RTE_CRYPTO_EC_GROUP_NISTP384 = 24,
> +	RTE_CRYPTO_EC_GROUP_NISTP521 = 25,
> +};

[Arek] Since in comment we use SECG naming maybe enum should follow to avoid confusion?
> +
> +/**
> + * Structure for elliptic curve point
> + */
> +struct rte_crypto_ec_point {
> +	rte_crypto_param x;
> +	/**< X coordinate */
> +	rte_crypto_param y;
> +	/**< Y coordinate */
> +};
> +
> +/**
> + * Asymmetric elliptic curve transform data
> + *
> + * Structure describing all EC based xform params
> + *
> + */
> +struct rte_crypto_ec_xform {
> +	enum rte_crypto_ec_group curve_id;
> +	/**< Pre-defined ec groups */
> +};
> +
> +/**
>   * Operations params for modular operations:
>   * exponentiation and multiplicative inverse
>   *
> @@ -372,6 +416,11 @@ struct rte_crypto_asym_xform {
> 
>  		struct rte_crypto_dsa_xform dsa;
>  		/**< DSA xform parameters */
> +
> +		struct rte_crypto_ec_xform ec;
> +		/**< EC xform parameters, used by elliptic curve based
> +		 * operations.
> +		 */
>  	};
>  };
> 
> @@ -516,6 +565,39 @@ struct rte_crypto_dsa_op_param {  };
> 
>  /**
> + * ECDSA operation params
> + */
> +struct rte_crypto_ecdsa_op_param {
> +	enum rte_crypto_asym_op_type op_type;
> +	/**< Signature generation or verification */
> +
> +	rte_crypto_param pkey;
> +	/**< Private key of the signer for signature generation */
[Arek] - for DSA we have private key in xform, why this inconsistency?
> +
> +	struct rte_crypto_ec_point q;
> +	/**< Public key of the signer for verification */
> +
> +	rte_crypto_param message;
> +	/**< Input message to be signed or verified */
[Arek] - This I expect should be message digest instead of message itself?
> +
> +	rte_crypto_param k;
> +	/**< The ECDSA per-message secret number, which is an integer
> +	 * in the interval (1, n-1)
> +	 */
[Arek] - If pmd can generate 'k' internally we could do something like:
'if k.data == NULL => PMD will generate 'k' internally, k.data remains untouched.'
Another option is to provide user with some callback function to generate CSRN which could be useful for RSA PSS, OAEP as well (we already discussed that internally in Intel, I will elaborate on this bit more in different thread).

> +
> +	rte_crypto_param r;
> +	/**< r component of elliptic curve signature
> +	 *     output : for signature generation
> +	 *     input  : for signature verification
> +	 */
> +	rte_crypto_param s;
> +	/**< s component of elliptic curve signature
> +	 *     output : for signature generation
> +	 *     input  : for signature verification
> +	 */
[Arek] - Do we want to add any constraints like 'this field should be big enough to hold...'
> +};
> +
> +/**
>   * Asymmetric Cryptographic Operation.
>   *
>   * Structure describing asymmetric crypto operation params.
> @@ -537,6 +619,7 @@ struct rte_crypto_asym_op {
>  		struct rte_crypto_mod_op_param modinv;
>  		struct rte_crypto_dh_op_param dh;
>  		struct rte_crypto_dsa_op_param dsa;
> +		struct rte_crypto_ecdsa_op_param ecdsa;
>  	};
>  };
> 
> diff --git a/lib/librte_cryptodev/rte_cryptodev.c
> b/lib/librte_cryptodev/rte_cryptodev.c
> index 89aa2ed..0d6babb 100644
> --- a/lib/librte_cryptodev/rte_cryptodev.c
> +++ b/lib/librte_cryptodev/rte_cryptodev.c
> @@ -173,6 +173,7 @@ const char *rte_crypto_asym_xform_strings[] = {
>  	[RTE_CRYPTO_ASYM_XFORM_MODINV]	= "modinv",
>  	[RTE_CRYPTO_ASYM_XFORM_DH]	= "dh",
>  	[RTE_CRYPTO_ASYM_XFORM_DSA]	= "dsa",
> +	[RTE_CRYPTO_ASYM_XFORM_ECDSA]	= "ecdsa",
>  };
> 
>  /**
> --
> 2.7.4

Regards,
Arek

  reply	other threads:[~2019-12-20 16:05 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-05 11:43 [dpdk-dev] [PATCH 0/4] add ECDSA support Anoob Joseph
2019-12-05 11:43 ` [dpdk-dev] [PATCH 1/4] lib/crypto: add support for ECDSA Anoob Joseph
2019-12-20 16:05   ` Kusztal, ArkadiuszX [this message]
2020-01-02  7:55     ` Anoob Joseph
2020-01-09 13:03       ` Kusztal, ArkadiuszX
2020-01-13 12:47         ` Akhil Goyal
2020-01-13 16:36         ` Anoob Joseph
2020-01-14  5:12           ` Shally Verma
2020-01-14 11:01             ` Kusztal, ArkadiuszX
2019-12-05 11:43 ` [dpdk-dev] [PATCH 2/4] crypto/octeontx: add ECDSA support Anoob Joseph
2019-12-05 11:43 ` [dpdk-dev] [PATCH 3/4] crypto/octeontx2: " Anoob Joseph
2019-12-05 11:43 ` [dpdk-dev] [PATCH 4/4] app/test: add ECDSA sign/verify tests Anoob Joseph
2020-01-15 12:43 ` [dpdk-dev] [PATCH v2 0/4] add ECDSA support Anoob Joseph
2020-01-15 12:43   ` [dpdk-dev] [PATCH v2 1/4] cryptodev: support ECDSA Anoob Joseph
2020-01-15 15:51     ` Akhil Goyal
2020-01-15 12:43   ` [dpdk-dev] [PATCH v2 2/4] crypto/octeontx: add ECDSA support Anoob Joseph
2020-01-15 12:43   ` [dpdk-dev] [PATCH v2 3/4] crypto/octeontx2: " Anoob Joseph
2020-01-15 12:43   ` [dpdk-dev] [PATCH v2 4/4] app/test: add ECDSA sign/verify tests Anoob Joseph
2020-01-15 15:50   ` [dpdk-dev] [PATCH v2 0/4] add ECDSA support Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=BYAPR11MB38310C19E20E2B5C053D53319F2D0@BYAPR11MB3831.namprd11.prod.outlook.com \
    --to=arkadiuszx.kusztal@intel.com \
    --cc=adwivedi@marvell.com \
    --cc=akhil.goyal@nxp.com \
    --cc=anoobj@marvell.com \
    --cc=ayverma@marvell.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=fiona.trahe@intel.com \
    --cc=jerinj@marvell.com \
    --cc=pablo.de.lara.guarch@intel.com \
    --cc=pathreya@marvell.com \
    --cc=shallyv@marvell.com \
    --cc=ssahu@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).