From: "Kusztal, ArkadiuszX"
To: Gowrishankar Muthukrishnan
CC: Akhil Goyal, "Ji, Kai", "Power, Ciara", Anoob Joseph, "dev@dpdk.org"
Subject: RE: [EXT] [RFC PATCH] cryptodev: add sm2 key exchange and encryption for HW
Date: Wed, 24 Jan 2024 17:41:26 +0000
References: <20231228161932.54253-1-arkadiuszx.kusztal@intel.com>
List-Id: DPDK patches and discussions

> -----Original Message-----
> From: Gowrishankar Muthukrishnan
> Sent: Thursday, January 4, 2024 2:38 PM
> To: Kusztal, ArkadiuszX
> Cc: Akhil Goyal; Ji, Kai; Power, Ciara; Anoob Joseph; dev@dpdk.org
> Subject: RE: [EXT] [RFC PATCH] cryptodev: add sm2 key exchange and
> encryption for HW
>
> Hi,
>
> > This commit adds comments for the proposal of addition of SM2
> > algorithm key exchange and encryption/decryption operation.
> >
> > Signed-off-by: Arkadiusz Kusztal
> > --- > > lib/cryptodev/rte_crypto_asym.h | 16 ++++++++++++++++ > > 1 file changed, 16 insertions(+) > > > > diff --git a/lib/cryptodev/rte_crypto_asym.h > > b/lib/cryptodev/rte_crypto_asym.h index 39d3da3952..6911a14dbd 100644 > > --- a/lib/cryptodev/rte_crypto_asym.h > > +++ b/lib/cryptodev/rte_crypto_asym.h 
> > @@ -639,6 +639,10 @@ struct rte_crypto_asym_xform { struct > > rte_crypto_sm2_op_param { > > enum rte_crypto_asym_op_type op_type; > > /**< Signature generation or verification. */ > > + /* > > + * For key exchange operation, new struct should be created. > > + * Doing that, the current struct could be split into signature and > > encryption. > > + */ > > > > enum rte_crypto_auth_algorithm hash; > > /**< Hash algorithm used in EC op. */ 
@@ -672,6 +676,18 @@ struct > > rte_crypto_sm2_op_param { > > * C1 (1 + N + N), C2 =3D M, C3 =3D N. The cipher.length field will > > * be overwritten by the PMD with the encrypted length. > > */ > > + /* SM2 encryption algorithm relies on certain cryptographic functions= , > > + * that HW devices not necesseraly need to implement. > > + * When C1 is a elliptic curve point, C2 and C3 need additional > > + * operation like KDF and Hash. The question here is: should only > > + * elliptic curve output parameters (namely C1 and PB) be returned > > +to > > the user, > > + * or should encryption be, in this case, computed within the PMD usi= ng > > + * software methods, or should both option be available? > > + */
>
> I second on splitting this struct for PKE (may be _pke and _dsa).
>
> At the same time, handling these structs should be followed by some capability
> check and that was what I have been thinking on to propose as asym OP
> capability in this release.
> Right now, asymmetric capability is defined only by xform (not also by op).
> But we could add op capab also as below.
>
> struct rte_cryptodev_capabilities caps_sm2[] = {
>     .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
>     {
>         .asym = {
>             .xform_capa = {
>                 .xform_type = RTE_CRYPTO_ASYM_XFORM_SM2,
>                 .op_types = ...
>             },
>             .op_capa = [
>                 {
>                     .op_type = RTE_CRYPTO_ASYM_OP_ENC,
>                     .capa = (1 << RTE_CRYPTO_ASYM_SM2_PKE_KDF | 1 << RTE_CRYPTO_ASYM_SM2_PKE_HASH) <<<< NEW ENUM >>>>
>                 }
>             ]
>         }
>     }
> }
>
> Doing this, hash_algos member in asym xform capability today can eventually be
> removed. And it sounds better for an op. Also, this op capability check could be
> done once for the session.
> If you are also aligned, I can send an RFC for capab check.

Yes, please send.
Additionally, on top of it, we need to add several fields to the sm2.
We have never had this problem, as most of the algorithms are self-sufficient,
which is not the case for smX, as well as EdDSA for example.
So for certain HW cases:
For encryption and decryption, there should be C1 as an input or output.
For key exchange, there should be (xU/V,yU/V) as an output.

>
> > + /* Similar applies to the key exchange in the HW. The second phase > > +of > > KE, most likely, > > + * will go as far as to obtain xU,yU(xV,xV), where SW can easily > > calculate SA.
>
> What does SA mean here? Signature algorithm??
>
> Thanks,
> Gowrishankar
>
> > + * Should then both options be available? > > + */ > > > > rte_crypto_uint id; > > /**< The SM2 id used by signer and verifier. */ > > -- > > 2.13.6
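
Review bot: In the first hunk (@@ -639,6 +639,10 @@), the added block sits directly under op_type, whose doc comment still reads "Signature generation or verification", and it is a plain /* */ design note rather than a /**< */ field description, so it records an intention ("new struct should be created", "could be split") instead of documenting the API. For a non-RFC revision I would move the question to the cover letter and have the patch either introduce the key-exchange struct or update the op_type description to cover the encryption use that the cipher.length comment in the same struct already implies.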
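
Review bot: In the second hunk (@@ -672,6 +676,18 @@), the encryption comment names "C1 and PB" as the values that might be returned to the user, but PB is not defined in the visible lines. If it stands for the point that feeds the KDF rather than the recipient's public key, the comment should say so and state that the value is secret and has to be cleared by the caller, since C2 and C3 are derived from it. The key-exchange comment has the same gap with "SA", and "xU,yU(xV,xV)" looks like it should end in yV. Wording while there: "necesseraly" should be "necessarily", "a elliptic" should be "an elliptic", and "both option" should be "both options".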
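
The software half that the discussion above would leave to the PMD or the application when the device returns only the elliptic-curve outputs, as an added example (not code from the patch or from DPDK). The function names and the sample coordinates are hypothetical; the KDF and the C2/C3 formulas follow the SM2 encryption scheme, with SHA-256 as a labelled stand-in only where SM3 is unavailable.

```python
import hashlib
import hmac

# Constructed sample coordinates, not a real curve point.
X2, Y2 = bytes(range(32)), bytes(range(32, 64))

def pick_hash() -> str:
    """SM2 specifies SM3. SHA-256 is a stand-in (same 32-byte digest) used
    only when this Python's OpenSSL build does not provide SM3."""
    try:
        hashlib.new("sm3")
        return "sm3"
    except ValueError:
        return "sha256"

def kdf(z: bytes, klen: int, hash_name: str) -> bytes:
    """SM2 KDF: concatenate Hash(z || ct), ct a 32-bit big-endian counter from 1."""
    out, ct = b"", 1
    while len(out) < klen:
        out += hashlib.new(hash_name, z + ct.to_bytes(4, "big")).digest()
        ct += 1
    return out[:klen]

def sw_encrypt_finish(x2: bytes, y2: bytes, msg: bytes, hash_name: str):
    """Device returned C1 and the shared point (x2, y2); derive C2 and C3."""
    t = kdf(x2 + y2, len(msg), hash_name)
    if t and not any(t):
        raise ValueError("all-zero keystream: redo the EC step with a fresh k")
    c2 = bytes(m ^ k for m, k in zip(msg, t))            # length M
    c3 = hashlib.new(hash_name, x2 + msg + y2).digest()  # length N
    return c2, c3

def sw_decrypt_finish(x2: bytes, y2: bytes, c2: bytes, c3: bytes,
                      hash_name: str) -> bytes:
    """Device recomputed (x2, y2) from C1 and the private key; recover M."""
    t = kdf(x2 + y2, len(c2), hash_name)
    if t and not any(t):
        raise ValueError("all-zero keystream")
    msg = bytes(c ^ k for c, k in zip(c2, t))
    expected = hashlib.new(hash_name, x2 + msg + y2).digest()
    if not hmac.compare_digest(expected, c3):
        raise ValueError("C3 mismatch: reject the ciphertext")
    return msg

if __name__ == "__main__":
    h = pick_hash()
    c2, c3 = sw_encrypt_finish(X2, Y2, b"constructed sample message", h)
    print(h, c2.hex(), c3.hex())
```

In this split the point (x2, y2) crosses the device boundary in the clear, so the buffer holding it is key material and should be wiped once C2 and C3 are computed.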