1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2018 Cavium Networks
5 #ifndef _RTE_CRYPTO_ASYM_H_
6 #define _RTE_CRYPTO_ASYM_H_
9 * @file rte_crypto_asym.h
11 * RTE Definitions for Asymmetric Cryptography
13 * Defines asymmetric algorithms and modes, as well as supported
14 * asymmetric crypto operations.
24 #include <rte_memory.h>
25 #include <rte_mempool.h>
26 #include <rte_common.h>
28 typedef struct rte_crypto_param_t {
30 /**< pointer to buffer holding data */
32 /**< IO address of data buffer */
34 /**< length of data in bytes */
37 /** asym xform type name strings */
39 rte_crypto_asym_xform_strings[];
41 /** asym operations type name strings */
43 rte_crypto_asym_op_strings[];
46 * Asymmetric crypto transformation types.
47 * Each xform type maps to one asymmetric algorithm
48 * performing specific operation
51 enum rte_crypto_asym_xform_type {
52 RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED = 0,
53 /**< Invalid xform. */
54 RTE_CRYPTO_ASYM_XFORM_NONE,
56 * May be supported by PMD to support
57 * passthrough op for debugging purpose.
58 * if xform_type none , op_type is disregarded.
60 RTE_CRYPTO_ASYM_XFORM_RSA,
61 /**< RSA. Performs Encrypt, Decrypt, Sign and Verify.
62 * Refer to rte_crypto_asym_op_type
64 RTE_CRYPTO_ASYM_XFORM_DH,
66 * Performs Key Generate and Shared Secret Compute.
67 * Refer to rte_crypto_asym_op_type
69 RTE_CRYPTO_ASYM_XFORM_DSA,
70 /**< Digital Signature Algorithm
71 * Performs Signature Generation and Verification.
72 * Refer to rte_crypto_asym_op_type
74 RTE_CRYPTO_ASYM_XFORM_MODINV,
75 /**< Modular Multiplicative Inverse
76 * Perform Modular Multiplicative Inverse b^(-1) mod n
78 RTE_CRYPTO_ASYM_XFORM_MODEX,
79 /**< Modular Exponentiation
80 * Perform Modular Exponentiation b^e mod n
82 RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
87 * Asymmetric crypto operation type variants
89 enum rte_crypto_asym_op_type {
90 RTE_CRYPTO_ASYM_OP_ENCRYPT,
91 /**< Asymmetric Encrypt operation */
92 RTE_CRYPTO_ASYM_OP_DECRYPT,
93 /**< Asymmetric Decrypt operation */
94 RTE_CRYPTO_ASYM_OP_SIGN,
95 /**< Signature Generation operation */
96 RTE_CRYPTO_ASYM_OP_VERIFY,
97 /**< Signature Verification operation */
98 RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE,
99 /**< DH Private Key generation operation */
100 RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE,
101 /**< DH Public Key generation operation */
102 RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE,
103 /**< DH Shared Secret compute operation */
104 RTE_CRYPTO_ASYM_OP_LIST_END
108 * Padding types for RSA signature.
110 enum rte_crypto_rsa_padding_type {
111 RTE_CRYPTO_RSA_PADDING_NONE = 0,
112 /**< RSA no padding scheme */
113 RTE_CRYPTO_RSA_PKCS1_V1_5_BT0,
114 /**< RSA PKCS#1 V1.5 Block Type 0 padding scheme
115 * as descibed in rfc2313
117 RTE_CRYPTO_RSA_PKCS1_V1_5_BT1,
118 /**< RSA PKCS#1 V1.5 Block Type 01 padding scheme
119 * as descibed in rfc2313
121 RTE_CRYPTO_RSA_PKCS1_V1_5_BT2,
122 /**< RSA PKCS#1 V1.5 Block Type 02 padding scheme
123 * as descibed in rfc2313
125 RTE_CRYPTO_RSA_PADDING_OAEP,
126 /**< RSA PKCS#1 OAEP padding scheme */
127 RTE_CRYPTO_RSA_PADDING_PSS,
128 /**< RSA PKCS#1 PSS padding scheme */
129 RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
133 * RSA private key type enumeration
135 * enumerates private key format required to perform RSA crypto
139 enum rte_crypto_rsa_priv_key_type {
140 RTE_RSA_KEY_TYPE_EXP,
141 /**< RSA private key is an exponent */
143 /**< RSA private key is in quintuple format
144 * See rte_crypto_rsa_priv_key_qt
149 * Structure describing RSA private key in quintuple format.
150 * See PKCS V1.5 RSA Cryptography Standard.
152 struct rte_crypto_rsa_priv_key_qt {
154 /**< p - Private key component P
155 * Private key component of RSA parameter required for CRT method
156 * of private key operations in Octet-string network byte order
161 /**< q - Private key component Q
162 * Private key component of RSA parameter required for CRT method
163 * of private key operations in Octet-string network byte order
168 /**< dP - Private CRT component
169 * Private CRT component of RSA parameter required for CRT method
170 * RSA private key operations in Octet-string network byte order
172 * dP = d mod ( p - 1 )
176 /**< dQ - Private CRT component
177 * Private CRT component of RSA parameter required for CRT method
178 * RSA private key operations in Octet-string network byte order
180 * dQ = d mod ( q - 1 )
183 rte_crypto_param qInv;
184 /**< qInv - Private CRT component
185 * Private CRT component of RSA parameter required for CRT method
186 * RSA private key operations in Octet-string network byte order
193 * Asymmetric RSA transform data
195 * Structure describing RSA xform params
198 struct rte_crypto_rsa_xform {
200 /**< n - Prime modulus
201 * Prime modulus data of RSA operation in Octet-string network
206 /**< e - Public key exponent
207 * Public key exponent used for RSA public key operations in Octet-
208 * string network byte order format.
211 enum rte_crypto_rsa_priv_key_type key_type;
216 /**< d - Private key exponent
217 * Private key exponent used for RSA
218 * private key operations in
219 * Octet-string network byte order format.
222 struct rte_crypto_rsa_priv_key_qt qt;
223 /**< qt - Private key in quintuple format */
228 * Asymmetric Modular exponentiation transform data
230 * Structure describing modular exponentation xform param
233 struct rte_crypto_modex_xform {
234 rte_crypto_param modulus;
236 * Pointer to the modulus data for modexp transform operation
237 * in octet-string network byte order format
239 * In case this number is equal to zero the driver shall set
240 * the crypto op status field to RTE_CRYPTO_OP_STATUS_ERROR
243 rte_crypto_param exponent;
245 * Exponent of the modexp transform operation in
246 * octet-string network byte order format
251 * Asymmetric modular multiplicative inverse transform operation
253 * Structure describing modular multiplicative inverse transform
256 struct rte_crypto_modinv_xform {
257 rte_crypto_param modulus;
259 * Pointer to the modulus data for modular multiplicative inverse
260 * operation in octet-string network byte order format
262 * In case this number is equal to zero the driver shall set
263 * the crypto op status field to RTE_CRYPTO_OP_STATUS_ERROR
265 * This number shall be relatively prime to base
266 * in corresponding Modular Multiplicative Inverse
267 * rte_crypto_mod_op_param
272 * Asymmetric DH transform data
274 * Structure describing deffie-hellman xform params
277 struct rte_crypto_dh_xform {
278 enum rte_crypto_asym_op_type type;
279 /**< Setup xform for key generate or shared secret compute */
282 /**< p : Prime modulus data
283 * DH prime modulous data in octet-string network byte order format.
289 * DH group generator data in octet-string network byte order
296 * Asymmetric Digital Signature transform operation
298 * Structure describing DSA xform params
301 struct rte_crypto_dsa_xform {
303 /**< p - Prime modulus
304 * Prime modulus data for DSA operation in Octet-string network byte
308 /**< q : Order of the subgroup.
309 * Order of the subgroup data in Octet-string network byte order
314 /**< g: Generator of the subgroup
315 * Generator data in Octet-string network byte order format.
318 /**< x: Private key of the signer in octet-string network
320 * Used when app has pre-defined private key.
321 * Valid only when xform chain is DSA ONLY.
322 * if xform chain is DH private key generate + DSA, then DSA sign
323 * compute will use internally generated key.
328 * Operations params for modular operations:
329 * exponentiation and multiplicative inverse
332 struct rte_crypto_mod_op_param {
333 rte_crypto_param base;
335 * Pointer to base of modular exponentiation/multiplicative
336 * inverse data in octet-string network byte order format
338 * In case Multiplicative Inverse is used this number shall
339 * be relatively prime to modulus in corresponding Modular
340 * Multiplicative Inverse rte_crypto_modinv_xform
343 rte_crypto_param result;
345 * Pointer to the result of modular exponentiation/multiplicative inverse
346 * data in octet-string network byte order format.
348 * This field shall be big enough to hold the result of Modular
349 * Exponentiation or Modular Multplicative Inverse
350 * (bigger or equal to length of modulus)
355 * Asymmetric crypto transform data
357 * Structure describing asym xforms.
359 struct rte_crypto_asym_xform {
360 struct rte_crypto_asym_xform *next;
361 /**< Pointer to next xform to set up xform chain.*/
362 enum rte_crypto_asym_xform_type xform_type;
363 /**< Asymmetric crypto transform */
367 struct rte_crypto_rsa_xform rsa;
368 /**< RSA xform parameters */
370 struct rte_crypto_modex_xform modex;
371 /**< Modular Exponentiation xform parameters */
373 struct rte_crypto_modinv_xform modinv;
374 /**< Modular Multiplicative Inverse xform parameters */
376 struct rte_crypto_dh_xform dh;
377 /**< DH xform parameters */
379 struct rte_crypto_dsa_xform dsa;
380 /**< DSA xform parameters */
384 struct rte_cryptodev_asym_session;
387 * RSA operation params
390 struct rte_crypto_rsa_op_param {
391 enum rte_crypto_asym_op_type op_type;
392 /**< Type of RSA operation for transform */;
394 rte_crypto_param message;
397 * - to be encrypted for RSA public encrypt.
398 * - to be decrypted for RSA private decrypt.
399 * - to be signed for RSA sign generation.
400 * - to be authenticated for RSA sign verification.
403 rte_crypto_param sign;
405 * Pointer to RSA signature data. If operation is RSA
406 * sign @ref RTE_CRYPTO_ASYM_OP_SIGN, buffer will be
407 * over-written with generated signature.
409 * Length of the signature data will be equal to the
410 * RSA prime modulus length.
413 enum rte_crypto_rsa_padding_type pad;
414 /**< RSA padding scheme to be used for transform */
416 enum rte_crypto_auth_algorithm md;
417 /**< Hash algorithm to be used for data hash if padding
418 * scheme is either OAEP or PSS. Valid hash algorithms
420 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
423 enum rte_crypto_auth_algorithm mgf1md;
425 * Hash algorithm to be used for mask generation if
426 * padding scheme is either OAEP or PSS. If padding
427 * scheme is unspecified data hash algorithm is used
428 * for mask generation. Valid hash algorithms are:
429 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
434 * Diffie-Hellman Operations params.
437 struct rte_crypto_dh_op_param {
438 rte_crypto_param pub_key;
440 * Output generated public key when xform type is
441 * DH PUB_KEY_GENERATION.
442 * Input peer public key when xform type is DH
443 * SHARED_SECRET_COMPUTATION
444 * pub_key is in octet-string network byte order format.
448 rte_crypto_param priv_key;
450 * Output generated private key if xform type is
451 * DH PRIVATE_KEY_GENERATION
452 * Input when xform type is DH SHARED_SECRET_COMPUTATION.
453 * priv_key is in octet-string network byte order format.
457 rte_crypto_param shared_secret;
459 * Output with calculated shared secret
460 * when dh xform set up with op type = SHARED_SECRET_COMPUTATION.
461 * shared_secret is an octet-string network byte order format.
467 * DSA Operations params
470 struct rte_crypto_dsa_op_param {
471 enum rte_crypto_asym_op_type op_type;
472 /**< Signature Generation or Verification */
473 rte_crypto_param message;
474 /**< input message to be signed or verified */
476 /**< dsa sign component 'r' value
478 * output if op_type = sign generate,
479 * input if op_type = sign verify
482 /**< dsa sign component 's' value
484 * output if op_type = sign generate,
485 * input if op_type = sign verify
488 /**< y : Public key of the signer.
489 * Public key data of the signer in Octet-string network byte order
496 * Asymmetric Cryptographic Operation.
498 * Structure describing asymmetric crypto operation params.
501 struct rte_crypto_asym_op {
502 struct rte_cryptodev_asym_session *session;
503 /**< Handle for the initialised session context */
507 struct rte_crypto_rsa_op_param rsa;
508 struct rte_crypto_mod_op_param modex;
509 struct rte_crypto_mod_op_param modinv;
510 struct rte_crypto_dh_op_param dh;
511 struct rte_crypto_dsa_op_param dsa;
519 #endif /* _RTE_CRYPTO_ASYM_H_ */