From baf482c0e39a23d35c1970149ebe21a6f27cb9ac Mon Sep 17 00:00:00 2001 From: Arek Kusztal Date: Fri, 11 Feb 2022 16:02:36 +0000 Subject: [PATCH] cryptodev: clarify usage of random numbers in asym This commit clarifies usage of random numbers in asymmetric crypto API. The user is now allowed to provide information to the PMD if random number should be generated or should be read from user input. If PMD does not support random number generation user should always provide it, if PMD does not support user random, rte_crypto_param.data accordingly should be set to NULL. Signed-off-by: Arek Kusztal Acked-by: Akhil Goyal --- lib/cryptodev/rte_crypto_asym.h | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index e0def3d9ab..58d47158de 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -33,6 +33,11 @@ extern "C" { * These buffers can be used for both input to PMD and output from PMD. When * used for output from PMD, application has to ensure the buffer is large * enough to hold the target data. + * + * If an operation requires the PMD to generate a random number, + * and the device supports CSRNG, 'data' should be set to NULL. + * The crypto parameter in question will not be used by the PMD, + * as it is internally generated. */ typedef struct rte_crypto_param_t { uint8_t *data; @@ -549,7 +554,9 @@ struct rte_crypto_dsa_op_param { /**< input message to be signed or verified */ rte_crypto_param k; /**< Per-message secret number, which is an integer - * in the interval (1, q-1) + * in the interval (1, q-1). + * If the random number is generated by the PMD, + * the 'rte_crypto_param.data' parameter should be set to NULL. */ rte_crypto_param r; /**< dsa sign component 'r' value @@ -589,7 +596,9 @@ struct rte_crypto_ecdsa_op_param { rte_crypto_param k; /**< The ECDSA per-message secret number, which is an integer - * in the interval (1, n-1) + * in the interval (1, n-1). + * If the random number is generated by the PMD, + * the 'rte_crypto_param.data' parameter should be set to NULL. */ rte_crypto_param r; -- 2.20.1