From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, anoobj@marvell.com, roy.fan.zhang@intel.com,
Arek Kusztal <arkadiuszx.kusztal@intel.com>
Subject: [PATCH 30/40] cryptodev: reduce rsa struct to only necessary fields
Date: Fri, 20 May 2022 06:54:35 +0100 [thread overview]
Message-ID: <20220520055445.40063-31-arkadiuszx.kusztal@intel.com> (raw)
In-Reply-To: <20220520055445.40063-1-arkadiuszx.kusztal@intel.com>
- reduced rsa struct to only necessary fields.
RSA operation is generally used with one input and one output.
One exception for this is signature verification, when RSA verify
called, both message and signature are inputs, but there is no rsa
output except for op status.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
lib/cryptodev/rte_crypto_asym.h | 87 +++++++++++++++++++++++------------------
1 file changed, 50 insertions(+), 37 deletions(-)
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index c864b8a115..37dd3b9d86 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -362,53 +362,66 @@ struct rte_crypto_rsa_op_param {
enum rte_crypto_asym_op_type op_type;
/**< Type of RSA operation for transform */
- rte_crypto_param message;
+ rte_crypto_param input;
/**<
- * Pointer to input data
- * - to be encrypted for RSA public encrypt.
- * - to be signed for RSA sign generation.
- * - to be authenticated for RSA sign verification.
+ * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+ * input should only be used along with cryptographically
+ * secure padding scheme.
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5
+ * input shall be no longer than public modulus minus 11.
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_OAEP
+ * input shall be no longer than public modulus -
+ * 2 * len(hash) - 2.
+ * When op_type == RTE_CRYPTO_ASYM_OP_SIGN:
*
- * Pointer to output data
- * - for RSA private decrypt.
- * In this case the underlying array should have been
- * allocated with enough memory to hold plaintext output
- * (i.e. must be at least RSA key size). The message.length
- * field should be 0 and will be overwritten by the PMD
- * with the decrypted length.
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+ * input should only be used along with cryptographically
+ * secure padding scheme. *
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
+ * RTE_CRYPTO_RSA_PADDING_PSS
+ * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
+ * the message to be signed, if this flag is not set,
+ * input shall contain the digest of the message to be signed.
*
- * All data is in Octet-string network byte order format.
- */
-
- rte_crypto_param cipher;
- /**<
- * Pointer to input data
- * - to be decrypted for RSA private decrypt.
+ * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
*
- * Pointer to output data
- * - for RSA public encrypt.
- * In this case the underlying array should have been allocated
- * with enough memory to hold ciphertext output (i.e. must be
- * at least RSA key size). The cipher.length field should
- * be 0 and will be overwritten by the PMD with the encrypted length.
+ * Input shall contain previously encrypted RSA message.
*
- * All data is in Octet-string network byte order format.
+ * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
+ *
+ * Input shall contain signature to be verified
*/
-
- rte_crypto_param sign;
+ union {
+ rte_crypto_param output;
+ rte_crypto_param message;
+ };
/**<
- * Pointer to input data
- * - to be verified for RSA public decrypt.
+ * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
+ *
+ * Output shall contain encrypted data, output.length shall
+ * be set to the length of encrypted data.
+ *
+ * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN:
*
- * Pointer to output data
- * - for RSA private encrypt.
- * In this case the underlying array should have been allocated
- * with enough memory to hold signature output (i.e. must be
- * at least RSA key size). The sign.length field should
- * be 0 and will be overwritten by the PMD with the signature length.
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+ * output shall contain decrypted/signed data, but all leading zeros
+ * shall be preserved. Therefore output.length should be
+ * equal to the length of the modulus..
+ * For other types of padding, output should contain
+ * decrypted data, and output.length shall be set to the length
+ * of decrypted data.
*
- * All data is in Octet-string network byte order format.
+ * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
+ *
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+ * output shall contain the public key decrypted signature.
+ * All leading zeroes shall be preserved.
+ *
+ * For other padding types, the message should be set with data for the
+ * signature to be compared with.
*/
+
struct rte_crypto_rsa_padding padding;
/**< RSA padding information */
--
2.13.6
next prev parent reply other threads:[~2022-05-20 7:05 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-20 5:54 [PATCH 00/40] cryptodev: rsa, dh, ecdh changes Arek Kusztal
2022-05-20 5:54 ` [PATCH 01/40] cryptodev: redefine ec group enum Arek Kusztal
2022-05-20 5:54 ` [PATCH 02/40] cryptodev: remove list end enumerators Arek Kusztal
2022-05-20 7:19 ` [EXT] " Akhil Goyal
2022-05-20 5:54 ` [PATCH 03/40] test/crypto: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 04/40] cryptodev: reduce number of comments in asym xform Arek Kusztal
2022-05-24 10:59 ` [EXT] " Akhil Goyal
2022-05-24 17:37 ` Kusztal, ArkadiuszX
2022-05-25 5:44 ` Akhil Goyal
2022-05-20 5:54 ` [PATCH 05/40] test/crypto: removed asym xform none Arek Kusztal
2022-05-20 5:54 ` [PATCH 06/40] cryptodev: separate key exchange operation enum Arek Kusztal
2022-05-24 11:45 ` [EXT] " Akhil Goyal
2022-05-20 5:54 ` [PATCH 07/40] crypto/openssl: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 08/40] test/crypto: " Arek Kusztal
2022-05-20 7:18 ` [EXT] " Akhil Goyal
2022-05-20 5:54 ` [PATCH 09/40] cryptodev: remove unnecessary zero assignement Arek Kusztal
2022-05-20 7:13 ` [EXT] " Akhil Goyal
2022-05-20 5:54 ` [PATCH 10/40] cryptodev: remove comment about using ephemeral key in dsa Arek Kusztal
2022-05-20 5:54 ` [PATCH 11/40] cryptodev: remove asym crypto next xform Arek Kusztal
2022-05-20 7:22 ` [EXT] " Akhil Goyal
2022-05-24 11:12 ` Akhil Goyal
2022-05-24 14:47 ` Kusztal, ArkadiuszX
2022-05-25 6:06 ` Akhil Goyal
2022-05-25 6:36 ` Kusztal, ArkadiuszX
2022-05-25 7:05 ` Anoob Joseph
2022-05-27 6:30 ` Kusztal, ArkadiuszX
2022-05-27 6:40 ` Kusztal, ArkadiuszX
2022-05-27 6:55 ` Kusztal, ArkadiuszX
2022-05-27 7:27 ` Anoob Joseph
2022-05-27 7:47 ` Kusztal, ArkadiuszX
2022-05-20 5:54 ` [PATCH 12/40] crypto/openssl: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 13/40] test/crypto: " Arek Kusztal
2022-05-20 7:24 ` [EXT] " Akhil Goyal
2022-05-20 7:38 ` Kusztal, ArkadiuszX
2022-05-20 5:54 ` [PATCH 14/40] app/test-crypto-perf: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 15/40] app/test-eventdev: " Arek Kusztal
2022-05-20 7:25 ` [EXT] " Akhil Goyal
2022-05-20 5:54 ` [PATCH 16/40] cryptodev: move dh type from xform to dh op Arek Kusztal
2022-05-24 11:52 ` [EXT] " Akhil Goyal
2022-05-20 5:54 ` [PATCH 17/40] crypto/openssl: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 18/40] test/crypto: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 19/40] cryptodev: changed order of dh fields Arek Kusztal
2022-05-20 5:54 ` [PATCH 20/40] cryptodev: add elliptic curve diffie hellman Arek Kusztal
2022-05-24 12:08 ` [EXT] " Akhil Goyal
2022-05-24 14:52 ` Kusztal, ArkadiuszX
2022-05-24 14:55 ` Kusztal, ArkadiuszX
2022-05-25 6:02 ` Akhil Goyal
2022-05-25 6:33 ` Kusztal, ArkadiuszX
2022-05-20 5:54 ` [PATCH 21/40] cryptodev: add public key verify option Arek Kusztal
2022-05-24 12:12 ` [EXT] " Akhil Goyal
2022-05-24 14:59 ` Kusztal, ArkadiuszX
2022-05-25 6:00 ` Akhil Goyal
2022-05-25 6:30 ` Kusztal, ArkadiuszX
2022-05-20 5:54 ` [PATCH 22/40] cryptodev: move RSA padding into separate struct Arek Kusztal
2022-05-20 5:54 ` [PATCH 23/40] crypto/qat: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 24/40] crypto/openssl: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 25/40] crypto/octeontx: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 26/40] crypto/cnxk: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 27/40] common/cpt: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 28/40] test/crypto: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 29/40] cryptodev: add salt length and optional label Arek Kusztal
2022-05-24 12:30 ` [EXT] " Akhil Goyal
2022-05-24 15:14 ` Kusztal, ArkadiuszX
2022-05-25 5:57 ` Akhil Goyal
2022-05-20 5:54 ` Arek Kusztal [this message]
2022-05-24 12:52 ` [EXT] [PATCH 30/40] cryptodev: reduce rsa struct to only necessary fields Akhil Goyal
2022-05-24 15:33 ` Kusztal, ArkadiuszX
2022-05-25 5:48 ` Akhil Goyal
2022-05-20 5:54 ` [PATCH 31/40] crypto/qat: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 32/40] crypto/openssl: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 33/40] crypto/octeontx: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 34/40] crypto/cnxk: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 35/40] common/cpt: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 36/40] test/crypto: " Arek Kusztal
2022-05-20 5:54 ` [PATCH 37/40] cryptodev: add asym op flags Arek Kusztal
2022-05-20 12:07 ` [EXT] " Akhil Goyal
2022-05-20 5:54 ` [PATCH 38/40] cryptodev: clarify usage of private key in dh Arek Kusztal
2022-05-24 12:56 ` [EXT] " Akhil Goyal
2022-05-24 14:30 ` Kusztal, ArkadiuszX
2022-05-25 6:09 ` Akhil Goyal
2022-05-25 6:37 ` Kusztal, ArkadiuszX
2022-05-20 5:54 ` [PATCH 39/40] crypto/openssl: generate dh private key Arek Kusztal
2022-05-20 5:54 ` [PATCH 40/40] test/crypto: added test for dh priv key generation Arek Kusztal
2022-05-20 7:30 ` [EXT] [PATCH 00/40] cryptodev: rsa, dh, ecdh changes Akhil Goyal
2022-05-20 7:37 ` Kusztal, ArkadiuszX
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220520055445.40063-31-arkadiuszx.kusztal@intel.com \
--to=arkadiuszx.kusztal@intel.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).