From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2121EA0548; Tue, 31 May 2022 07:12:47 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B4395427F3; Tue, 31 May 2022 07:12:41 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mails.dpdk.org (Postfix) with ESMTP id B70AA427F0 for ; Tue, 31 May 2022 07:12:38 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653973959; x=1685509959; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=R8OkRARJckWcmMt9zdEt3GWcsv1TVhpOPkyJ2S6yoTY=; b=n6H3mu9m12NRbAdQ7kCof7k23en2MOvFz3MMFc1rxY5KjWIzi81PHuBZ iS5GNetXUpory+i9MhJPa25Du6WF1j43VKBSJ5NeYdz4yfYNZnuFZHvZY exaXBeP4xWzjXrwG51fyPOskBlpSht1scIyBmrfVPpHyGG60faBgPz/3R RYqxR1Hu60/wmRm2W25bobvx+FyaMHqEeSp2F/iRnzP2/dfoSF/WSFxUD dj/C7iY0Z5/ndYyrt8NIVDTtIuYulY1r8vwGKYeGG+0yZYiuaKYAiy/Y3 l/JZK5WHKNri0FuzfLhLDWZVGUF7zEB5mh0w5O1DQMBiMV81fdtlYSi5U A==; X-IronPort-AV: E=McAfee;i="6400,9594,10363"; a="338181282" X-IronPort-AV: E=Sophos;i="5.91,264,1647327600"; d="scan'208";a="338181282" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2022 22:12:37 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,264,1647327600"; d="scan'208";a="576220364" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by orsmga007.jf.intel.com with ESMTP; 30 May 2022 22:12:36 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v4 02/12] cryptodev: separate key exchange operation enum Date: Tue, 31 May 2022 05:04:29 +0100 Message-Id: <20220531040439.15862-3-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220531040439.15862-1-arkadiuszx.kusztal@intel.com> References: <20220531040439.15862-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Separated key exchange enum from asym op type. Key exchange and asymmetric crypto operations like signatures, encryption/decryption should not share same operation enum as its use cases are unrelated and mutually exclusive. Therefore op_type was separate into: 1) operation type 2) key exchange operation type Signed-off-by: Arek Kusztal --- app/test/test_cryptodev_asym.c | 52 +++++++++++++++------------- drivers/crypto/openssl/rte_openssl_pmd.c | 10 +++--- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 18 +++++----- lib/cryptodev/rte_crypto_asym.h | 45 +++++++++++++++--------- lib/cryptodev/rte_cryptodev.c | 14 +++++--- lib/cryptodev/rte_cryptodev.h | 4 ++- lib/cryptodev/version.map | 1 + 7 files changed, 84 insertions(+), 60 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 573af2a537..491ba2c1b9 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -976,27 +976,30 @@ static inline void print_asym_capa( for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) { /* check supported operations */ - if (rte_cryptodev_asym_xform_capability_check_optype(capa, i)) - printf(" %s", - rte_crypto_asym_op_strings[i]); + if (rte_cryptodev_asym_xform_capability_check_optype(capa, i)) { + if (capa->xform_type == RTE_CRYPTO_ASYM_XFORM_DH) + printf(" %s", rte_crypto_asym_ke_strings[i]); + else + printf(" %s", rte_crypto_asym_op_strings[i]); } - switch (capa->xform_type) { - case RTE_CRYPTO_ASYM_XFORM_RSA: - case RTE_CRYPTO_ASYM_XFORM_MODINV: - case RTE_CRYPTO_ASYM_XFORM_MODEX: - case RTE_CRYPTO_ASYM_XFORM_DH: - case RTE_CRYPTO_ASYM_XFORM_DSA: - printf(" modlen: min %d max %d increment %d", - capa->modlen.min, - capa->modlen.max, - capa->modlen.increment); + } + switch (capa->xform_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + case RTE_CRYPTO_ASYM_XFORM_MODINV: + case RTE_CRYPTO_ASYM_XFORM_MODEX: + case RTE_CRYPTO_ASYM_XFORM_DH: + case RTE_CRYPTO_ASYM_XFORM_DSA: + printf(" modlen: min %d max %d increment %d", + capa->modlen.min, + capa->modlen.max, + capa->modlen.increment); + break; + case RTE_CRYPTO_ASYM_XFORM_ECDSA: + case RTE_CRYPTO_ASYM_XFORM_ECPM: + default: break; - case RTE_CRYPTO_ASYM_XFORM_ECDSA: - case RTE_CRYPTO_ASYM_XFORM_ECPM: - default: - break; - } - printf("\n"); + } + printf("\n"); } static int @@ -1064,7 +1067,7 @@ test_dh_gen_shared_sec(struct rte_crypto_asym_xform *xfrm) asym_op = op->asym; /* Setup a xform and op to generate private key only */ - xform.dh.type = RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE; + xform.dh.ke_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE; xform.next = NULL; asym_op->dh.priv_key.data = dh_test_params.priv_key.data; asym_op->dh.priv_key.length = dh_test_params.priv_key.length; @@ -1146,7 +1149,7 @@ test_dh_gen_priv_key(struct rte_crypto_asym_xform *xfrm) asym_op = op->asym; /* Setup a xform and op to generate private key only */ - xform.dh.type = RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE; + xform.dh.ke_type = RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE; xform.next = NULL; asym_op->dh.priv_key.data = output; asym_op->dh.priv_key.length = sizeof(output); @@ -1229,7 +1232,7 @@ test_dh_gen_pub_key(struct rte_crypto_asym_xform *xfrm) * using test private key * */ - xform.dh.type = RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE; + xform.dh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE; xform.next = NULL; asym_op->dh.pub_key.data = output; @@ -1319,9 +1322,10 @@ test_dh_gen_kp(struct rte_crypto_asym_xform *xfrm) /* Setup a xform chain to generate * private key first followed by * public key - */xform.dh.type = RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE; + */ + xform.dh.ke_type = RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE; pub_key_xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH; - pub_key_xform.dh.type = RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE; + pub_key_xform.dh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE; xform.next = &pub_key_xform; asym_op->dh.pub_key.data = out_pub_key; diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index d80e1052e2..86f285ef79 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1697,7 +1697,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, int ret = 0; if (sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE)) { + (1 << RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE)) { /* compute shared secret using peer public key * and current private key * shared secret = peer_key ^ priv_key mod p @@ -1754,9 +1754,9 @@ process_openssl_dh_op(struct rte_crypto_op *cop, * then first set DH with user provided private key */ if ((sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) && + (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE)) && !(sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE))) { + (1 << RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE))) { /* generate public key using user-provided private key * pub_key = g ^ priv_key mod p */ @@ -1790,7 +1790,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, return 0; } - if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) { + if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE)) { const BIGNUM *pub_key = NULL; OPENSSL_LOG(DEBUG, "%s:%d update public key\n", @@ -1805,7 +1805,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, } if (sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE)) { + (1 << RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE)) { const BIGNUM *priv_key = NULL; OPENSSL_LOG(DEBUG, "%s:%d updated priv key\n", diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 1cb07794bd..724492c7cb 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -533,10 +533,10 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { .xform_capa = { .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, .op_types = - ((1<u.dh.key_op = (1 << xform->dh.type); + asym_session->u.dh.key_op = (1 << xform->dh.ke_type); - if (xform->dh.type == - RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) { + if (xform->dh.ke_type == + RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE) { /* check if next is pubkey */ if ((xform->next != NULL) && (xform->next->xform_type == RTE_CRYPTO_ASYM_XFORM_DH) && - (xform->next->dh.type == - RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE) + (xform->next->dh.ke_type == + RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) ) { /* * setup op as pub/priv key @@ -1023,7 +1023,7 @@ static int openssl_set_asym_session_parameters( */ asym_session->u.dh.key_op |= (1 << - RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE); + RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE); } } asym_session->u.dh.dh_key = dh; diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 87df9b2ce3..e496588c7a 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -33,6 +33,10 @@ struct rte_cryptodev_asym_session; extern const char * rte_crypto_asym_xform_strings[]; +/** asym key exchange operation type name strings */ +extern const char * +rte_crypto_asym_ke_strings[]; + /** asym operations type name strings */ extern const char * rte_crypto_asym_op_strings[]; @@ -113,16 +117,22 @@ enum rte_crypto_asym_op_type { /**< Signature Generation operation */ RTE_CRYPTO_ASYM_OP_VERIFY, /**< Signature Verification operation */ - RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE, - /**< DH Private Key generation operation */ - RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE, - /**< DH Public Key generation operation */ - RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE, - /**< DH Shared Secret compute operation */ RTE_CRYPTO_ASYM_OP_LIST_END }; /** + * Asymmetric crypto key exchange operation type + */ +enum rte_crypto_asym_ke_type { + RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE, + /**< Private Key generation operation */ + RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE, + /**< Public Key generation operation */ + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE + /**< Shared Secret compute operation */ +}; + +/** * Padding types for RSA signature. */ enum rte_crypto_rsa_padding_type { @@ -260,7 +270,7 @@ struct rte_crypto_modinv_xform { * */ struct rte_crypto_dh_xform { - enum rte_crypto_asym_op_type type; + enum rte_crypto_asym_ke_type ke_type; /**< Setup xform for key generate or shared secret compute */ rte_crypto_uint p; /**< Prime modulus data */ @@ -397,26 +407,27 @@ struct rte_crypto_rsa_op_param { struct rte_crypto_dh_op_param { rte_crypto_uint pub_key; /**< - * Output generated public key when xform type is - * DH PUB_KEY_GENERATION. - * Input peer public key when xform type is DH - * SHARED_SECRET_COMPUTATION + * Output - generated public key, when dh xform ke_type is + * RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE. * + * Input - peer's public key, when dh xform ke_type is + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. */ rte_crypto_uint priv_key; /**< - * Output generated private key if xform type is - * DH PRIVATE_KEY_GENERATION - * Input when xform type is DH SHARED_SECRET_COMPUTATION. + * Output - generated private key, when dh xform ke_type is + * RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE. * + * Input - private key, when dh xform ke_type is one of: + * RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE, + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. */ rte_crypto_uint shared_secret; /**< - * Output with calculated shared secret - * when dh xform set up with op type = SHARED_SECRET_COMPUTATION. - * + * Output - calculated shared secret when dh xform ke_type is + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. */ }; diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index e16e6802aa..cc614b0f72 100644 --- a/lib/cryptodev/rte_cryptodev.c +++ b/lib/cryptodev/rte_cryptodev.c @@ -177,10 +177,16 @@ const char *rte_crypto_asym_op_strings[] = { [RTE_CRYPTO_ASYM_OP_ENCRYPT] = "encrypt", [RTE_CRYPTO_ASYM_OP_DECRYPT] = "decrypt", [RTE_CRYPTO_ASYM_OP_SIGN] = "sign", - [RTE_CRYPTO_ASYM_OP_VERIFY] = "verify", - [RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE] = "priv_key_generate", - [RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE] = "pub_key_generate", - [RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE] = "sharedsecret_compute", + [RTE_CRYPTO_ASYM_OP_VERIFY] = "verify" +}; + +/** + * Asymmetric crypto key exchange operation strings identifiers. + */ +const char *rte_crypto_asym_ke_strings[] = { + [RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE] = "priv_key_generate", + [RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE] = "pub_key_generate", + [RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute" }; /** diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index 2c2c2edeb7..7d683fd728 100644 --- a/lib/cryptodev/rte_cryptodev.h +++ b/lib/cryptodev/rte_cryptodev.h @@ -168,7 +168,9 @@ struct rte_cryptodev_asymmetric_xform_capability { /**< Transform type: RSA/MODEXP/DH/DSA/MODINV */ uint32_t op_types; - /**< bitmask for supported rte_crypto_asym_op_type */ + /**< bitmask for supported rte_crypto_asym_op_type or + * rte_crypto_asym_ke_type + */ __extension__ union { diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map index f0abfaa47d..dbf1f62199 100644 --- a/lib/cryptodev/version.map +++ b/lib/cryptodev/version.map @@ -108,6 +108,7 @@ EXPERIMENTAL { #added in 22.07 rte_cryptodev_session_event_mdata_set; + rte_crypto_asym_ke_strings; }; INTERNAL { -- 2.13.6