[ceph.git] / ceph / src / spdk / dpdk / lib / librte_cryptodev / rte_crypto_asym.h

/* SPDX-License-Identifier: BSD-3-Clause
 * Copyright(c) 2018 Cavium Networks
 */

#ifndef _RTE_CRYPTO_ASYM_H_
#define _RTE_CRYPTO_ASYM_H_

/**
 * @file rte_crypto_asym.h
 *
 * RTE Definitions for Asymmetric Cryptography
 *
 * Defines asymmetric algorithms and modes, as well as supported
 * asymmetric crypto operations.
 */

#ifdef __cplusplus
extern "C" {
#endif

#include <string.h>
#include <stdint.h>

#include <rte_memory.h>
#include <rte_mempool.h>
#include <rte_common.h>

#include "rte_crypto_sym.h"

/**
 * Buffer to hold crypto params required for asym operations.
 *
 * These buffers can be used for both input to PMD and output from PMD. When
 * used for output from PMD, application has to ensure the buffer is large
 * enough to hold the target data.
 */
typedef struct rte_crypto_param_t {
	uint8_t *data;
	/**< pointer to buffer holding data */
	rte_iova_t iova;
	/**< IO address of data buffer */
	size_t length;
	/**< length of data in bytes */
} rte_crypto_param;

/** asym xform type name strings */
extern const char *
rte_crypto_asym_xform_strings[];

/** asym operations type name strings */
extern const char *
rte_crypto_asym_op_strings[];

/**
 * Asymmetric crypto transformation types.
 * Each xform type maps to one asymmetric algorithm
 * performing specific operation
 *
 */
enum rte_crypto_asym_xform_type {
	RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED = 0,
	/**< Invalid xform. */
	RTE_CRYPTO_ASYM_XFORM_NONE,
	/**< Xform type None.
	 * May be supported by PMD to support
	 * passthrough op for debugging purpose.
	 * if xform_type none , op_type is disregarded.
	 */
	RTE_CRYPTO_ASYM_XFORM_RSA,
	/**< RSA. Performs Encrypt, Decrypt, Sign and Verify.
	 * Refer to rte_crypto_asym_op_type
	 */
	RTE_CRYPTO_ASYM_XFORM_DH,
	/**< Diffie-Hellman.
	 * Performs Key Generate and Shared Secret Compute.
	 * Refer to rte_crypto_asym_op_type
	 */
	RTE_CRYPTO_ASYM_XFORM_DSA,
	/**< Digital Signature Algorithm
	 * Performs Signature Generation and Verification.
	 * Refer to rte_crypto_asym_op_type
	 */
	RTE_CRYPTO_ASYM_XFORM_MODINV,
	/**< Modular Multiplicative Inverse
	 * Perform Modular Multiplicative Inverse b^(-1) mod n
	 */
	RTE_CRYPTO_ASYM_XFORM_MODEX,
	/**< Modular Exponentiation
	 * Perform Modular Exponentiation b^e mod n
	 */
	RTE_CRYPTO_ASYM_XFORM_ECDSA,
	/**< Elliptic Curve Digital Signature Algorithm
	 * Perform Signature Generation and Verification.
	 */
	RTE_CRYPTO_ASYM_XFORM_ECPM,
	/**< Elliptic Curve Point Multiplication */
	RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
	/**< End of list */
};

/**
 * Asymmetric crypto operation type variants
 */
enum rte_crypto_asym_op_type {
	RTE_CRYPTO_ASYM_OP_ENCRYPT,
	/**< Asymmetric Encrypt operation */
	RTE_CRYPTO_ASYM_OP_DECRYPT,
	/**< Asymmetric Decrypt operation */
	RTE_CRYPTO_ASYM_OP_SIGN,
	/**< Signature Generation operation */
	RTE_CRYPTO_ASYM_OP_VERIFY,
	/**< Signature Verification operation */
	RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE,
	/**< DH Private Key generation operation */
	RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE,
	/**< DH Public Key generation operation */
	RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE,
	/**< DH Shared Secret compute operation */
	RTE_CRYPTO_ASYM_OP_LIST_END
};

/**
 * Padding types for RSA signature.
 */
enum rte_crypto_rsa_padding_type {
	RTE_CRYPTO_RSA_PADDING_NONE = 0,
	/**< RSA no padding scheme */
	RTE_CRYPTO_RSA_PADDING_PKCS1_5,
	/**< RSA PKCS#1 PKCS1-v1_5 padding scheme. For signatures block type 01,
	 * for encryption block type 02 are used.
	 */
	RTE_CRYPTO_RSA_PADDING_OAEP,
	/**< RSA PKCS#1 OAEP padding scheme */
	RTE_CRYPTO_RSA_PADDING_PSS,
	/**< RSA PKCS#1 PSS padding scheme */
	RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
};

/**
 * RSA private key type enumeration
 *
 * enumerates private key format required to perform RSA crypto
 * transform.
 *
 */
enum rte_crypto_rsa_priv_key_type {
	RTE_RSA_KEY_TYPE_EXP,
	/**< RSA private key is an exponent */
	RTE_RSA_KET_TYPE_QT,
	/**< RSA private key is in quintuple format
	 * See rte_crypto_rsa_priv_key_qt
	 */
};

/**
 * Structure describing RSA private key in quintuple format.
 * See PKCS V1.5 RSA Cryptography Standard.
 */
struct rte_crypto_rsa_priv_key_qt {
	rte_crypto_param p;
	/**< p - Private key component P
	 * Private key component of RSA parameter  required for CRT method
	 * of private key operations in Octet-string network byte order
	 * format.
	 */

	rte_crypto_param q;
	/**< q - Private key component Q
	 * Private key component of RSA parameter  required for CRT method
	 * of private key operations in Octet-string network byte order
	 * format.
	 */

	rte_crypto_param dP;
	/**< dP - Private CRT component
	 * Private CRT component of RSA parameter  required for CRT method
	 * RSA private key operations in Octet-string network byte order
	 * format.
	 * dP = d mod ( p - 1 )
	 */

	rte_crypto_param dQ;
	/**< dQ - Private CRT component
	 * Private CRT component of RSA parameter  required for CRT method
	 * RSA private key operations in Octet-string network byte order
	 * format.
	 * dQ = d mod ( q - 1 )
	 */

	rte_crypto_param qInv;
	/**< qInv - Private CRT component
	 * Private CRT component of RSA parameter  required for CRT method
	 * RSA private key operations in Octet-string network byte order
	 * format.
	 * qInv = inv q mod p
	 */
};

/**
 * Asymmetric RSA transform data
 *
 * Structure describing RSA xform params
 *
 */
struct rte_crypto_rsa_xform {
	rte_crypto_param n;
	/**< n - Modulus
	 * Modulus data of RSA operation in Octet-string network
	 * byte order format.
	 */

	rte_crypto_param e;
	/**< e - Public key exponent
	 * Public key exponent used for RSA public key operations in Octet-
	 * string network byte order format.
	 */

	enum rte_crypto_rsa_priv_key_type key_type;

	__extension__
	union {
		rte_crypto_param d;
		/**< d - Private key exponent
		 * Private key exponent used for RSA
		 * private key operations in
		 * Octet-string  network byte order format.
		 */

		struct rte_crypto_rsa_priv_key_qt qt;
		/**< qt - Private key in quintuple format */
	};
};

/**
 * Asymmetric Modular exponentiation transform data
 *
 * Structure describing modular exponentiation xform param
 *
 */
struct rte_crypto_modex_xform {
	rte_crypto_param modulus;
	/**< modulus
	 * Pointer to the modulus data for modexp transform operation
	 * in octet-string network byte order format
	 *
	 * In case this number is equal to zero the driver shall set
	 * the crypto op status field to RTE_CRYPTO_OP_STATUS_ERROR
	 */

	rte_crypto_param exponent;
	/**< exponent
	 * Exponent of the modexp transform operation in
	 * octet-string network byte order format
	 */
};

/**
 * Asymmetric modular multiplicative inverse transform operation
 *
 * Structure describing modular multiplicative inverse transform
 *
 */
struct rte_crypto_modinv_xform {
	rte_crypto_param modulus;
	/**<
	 * Pointer to the modulus data for modular multiplicative inverse
	 * operation in octet-string network byte order format
	 *
	 * In case this number is equal to zero the driver shall set
	 * the crypto op status field to RTE_CRYPTO_OP_STATUS_ERROR
	 *
	 * This number shall be relatively prime to base
	 * in corresponding Modular Multiplicative Inverse
	 * rte_crypto_mod_op_param
	 */
};

/**
 * Asymmetric DH transform data
 *
 * Structure describing deffie-hellman xform params
 *
 */
struct rte_crypto_dh_xform {
	enum rte_crypto_asym_op_type type;
	/**< Setup xform for key generate or shared secret compute */

	rte_crypto_param p;
	/**< p : Prime modulus data
	 * DH prime modulus data in octet-string network byte order format.
	 *
	 */

	rte_crypto_param g;
	/**< g : Generator
	 * DH group generator data in octet-string network byte order
	 * format.
	 *
	 */
};

/**
 * Asymmetric Digital Signature transform operation
 *
 * Structure describing DSA xform params
 *
 */
struct rte_crypto_dsa_xform {
	rte_crypto_param p;
	/**< p - Prime modulus
	 * Prime modulus data for DSA operation in Octet-string network byte
	 * order format.
	 */
	rte_crypto_param q;
	/**< q : Order of the subgroup.
	 * Order of the subgroup data in Octet-string network byte order
	 * format.
	 * (p-1) % q = 0
	 */
	rte_crypto_param g;
	/**< g: Generator of the subgroup
	 * Generator  data in Octet-string network byte order format.
	 */
	rte_crypto_param x;
	/**< x: Private key of the signer in octet-string network
	 * byte order format.
	 * Used when app has pre-defined private key.
	 * Valid only when xform chain is DSA ONLY.
	 * if xform chain is DH private key generate + DSA, then DSA sign
	 * compute will use internally generated key.
	 */
};

/**
 * TLS named curves
 * https://tools.ietf.org/html/rfc8422
 */
enum rte_crypto_ec_group {
	RTE_CRYPTO_EC_GROUP_UNKNOWN  = 0,
	RTE_CRYPTO_EC_GROUP_SECP192R1 = 19,
	RTE_CRYPTO_EC_GROUP_SECP224R1 = 21,
	RTE_CRYPTO_EC_GROUP_SECP256R1 = 23,
	RTE_CRYPTO_EC_GROUP_SECP384R1 = 24,
	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
};

/**
 * Structure for elliptic curve point
 */
struct rte_crypto_ec_point {
	rte_crypto_param x;
	/**< X coordinate */
	rte_crypto_param y;
	/**< Y coordinate */
};

/**
 * Asymmetric elliptic curve transform data
 *
 * Structure describing all EC based xform params
 *
 */
struct rte_crypto_ec_xform {
	enum rte_crypto_ec_group curve_id;
	/**< Pre-defined ec groups */
};

/**
 * Operations params for modular operations:
 * exponentiation and multiplicative inverse
 *
 */
struct rte_crypto_mod_op_param {
	rte_crypto_param base;
	/**<
	 * Pointer to base of modular exponentiation/multiplicative
	 * inverse data in octet-string network byte order format
	 *
	 * In case Multiplicative Inverse is used this number shall
	 * be relatively prime to modulus in corresponding Modular
	 * Multiplicative Inverse rte_crypto_modinv_xform
	 */

	rte_crypto_param result;
	/**<
	 * Pointer to the result of modular exponentiation/multiplicative inverse
	 * data in octet-string network byte order format.
	 *
	 * This field shall be big enough to hold the result of Modular
	 * Exponentiation or Modular Multiplicative Inverse
	 * (bigger or equal to length of modulus)
	 */
};

/**
 * Asymmetric crypto transform data
 *
 * Structure describing asym xforms.
 */
struct rte_crypto_asym_xform {
	struct rte_crypto_asym_xform *next;
	/**< Pointer to next xform to set up xform chain.*/
	enum rte_crypto_asym_xform_type xform_type;
	/**< Asymmetric crypto transform */

	__extension__
	union {
		struct rte_crypto_rsa_xform rsa;
		/**< RSA xform parameters */

		struct rte_crypto_modex_xform modex;
		/**< Modular Exponentiation xform parameters */

		struct rte_crypto_modinv_xform modinv;
		/**< Modular Multiplicative Inverse xform parameters */

		struct rte_crypto_dh_xform dh;
		/**< DH xform parameters */

		struct rte_crypto_dsa_xform dsa;
		/**< DSA xform parameters */

		struct rte_crypto_ec_xform ec;
		/**< EC xform parameters, used by elliptic curve based
		 * operations.
		 */
	};
};

struct rte_cryptodev_asym_session;

/**
 * RSA operation params
 *
 */
struct rte_crypto_rsa_op_param {
	enum rte_crypto_asym_op_type op_type;
	/**< Type of RSA operation for transform */

	rte_crypto_param message;
	/**<
	 * Pointer to input data
	 * - to be encrypted for RSA public encrypt.
	 * - to be signed for RSA sign generation.
	 * - to be authenticated for RSA sign verification.
	 *
	 * Pointer to output data
	 * - for RSA private decrypt.
	 * In this case the underlying array should have been
	 * allocated with enough memory to hold plaintext output
	 * (i.e. must be at least RSA key size). The message.length
	 * field should be 0 and will be overwritten by the PMD
	 * with the decrypted length.
	 *
	 * All data is in Octet-string network byte order format.
	 */

	rte_crypto_param cipher;
	/**<
	 * Pointer to input data
	 * - to be decrypted for RSA private decrypt.
	 *
	 * Pointer to output data
	 * - for RSA public encrypt.
	 * In this case the underlying array should have been allocated
	 * with enough memory to hold ciphertext output (i.e. must be
	 * at least RSA key size). The cipher.length field should
	 * be 0 and will be overwritten by the PMD with the encrypted length.
	 *
	 * All data is in Octet-string network byte order format.
	 */

	rte_crypto_param sign;
	/**<
	 * Pointer to input data
	 * - to be verified for RSA public decrypt.
	 *
	 * Pointer to output data
	 * - for RSA private encrypt.
	 * In this case the underlying array should have been allocated
	 * with enough memory to hold signature output (i.e. must be
	 * at least RSA key size). The sign.length field should
	 * be 0 and will be overwritten by the PMD with the signature length.
	 *
	 * All data is in Octet-string network byte order format.
	 */

	enum rte_crypto_rsa_padding_type pad;
	/**< RSA padding scheme to be used for transform */

	enum rte_crypto_auth_algorithm md;
	/**< Hash algorithm to be used for data hash if padding
	 * scheme is either OAEP or PSS. Valid hash algorithms
	 * are:
	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
	 */

	enum rte_crypto_auth_algorithm mgf1md;
	/**<
	 * Hash algorithm to be used for mask generation if
	 * padding scheme is either OAEP or PSS. If padding
	 * scheme is unspecified data hash algorithm is used
	 * for mask generation. Valid hash algorithms are:
	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
	 */
};

/**
 * Diffie-Hellman Operations params.
 * @note:
 */
struct rte_crypto_dh_op_param {
	rte_crypto_param pub_key;
	/**<
	 * Output generated public key when xform type is
	 * DH PUB_KEY_GENERATION.
	 * Input peer public key when xform type is DH
	 * SHARED_SECRET_COMPUTATION
	 * pub_key is in octet-string network byte order format.
	 *
	 */

	rte_crypto_param priv_key;
	/**<
	 * Output generated private key if xform type is
	 * DH PRIVATE_KEY_GENERATION
	 * Input when xform type is DH SHARED_SECRET_COMPUTATION.
	 * priv_key is in octet-string network byte order format.
	 *
	 */

	rte_crypto_param shared_secret;
	/**<
	 * Output with calculated shared secret
	 * when dh xform set up with op type = SHARED_SECRET_COMPUTATION.
	 * shared_secret is an octet-string network byte order format.
	 *
	 */
};

/**
 * DSA Operations params
 *
 */
struct rte_crypto_dsa_op_param {
	enum rte_crypto_asym_op_type op_type;
	/**< Signature Generation or Verification */
	rte_crypto_param message;
	/**< input message to be signed or verified */
	rte_crypto_param r;
	/**< dsa sign component 'r' value
	 *
	 * output if op_type = sign generate,
	 * input if op_type = sign verify
	 */
	rte_crypto_param s;
	/**< dsa sign component 's' value
	 *
	 * output if op_type = sign generate,
	 * input if op_type = sign verify
	 */
	rte_crypto_param y;
	/**< y : Public key of the signer.
	 * Public key data of the signer in Octet-string network byte order
	 * format.
	 * y = g^x mod p
	 */
};

/**
 * ECDSA operation params
 */
struct rte_crypto_ecdsa_op_param {
	enum rte_crypto_asym_op_type op_type;
	/**< Signature generation or verification */

	rte_crypto_param pkey;
	/**< Private key of the signer for signature generation */

	struct rte_crypto_ec_point q;
	/**< Public key of the signer for verification */

	rte_crypto_param message;
	/**< Input message digest to be signed or verified */

	rte_crypto_param k;
	/**< The ECDSA per-message secret number, which is an integer
	 * in the interval (1, n-1)
	 */

	rte_crypto_param r;
	/**< r component of elliptic curve signature
	 *     output : for signature generation
	 *     input  : for signature verification
	 */
	rte_crypto_param s;
	/**< s component of elliptic curve signature
	 *     output : for signature generation
	 *     input  : for signature verification
	 */
};

/**
 * Structure for EC point multiplication operation param
 */
struct rte_crypto_ecpm_op_param {
	struct rte_crypto_ec_point p;
	/**< x and y coordinates of input point */

	struct rte_crypto_ec_point r;
	/**< x and y coordinates of resultant point */

	rte_crypto_param scalar;
	/**< Scalar to multiply the input point */
};

/**
 * Asymmetric Cryptographic Operation.
 *
 * Structure describing asymmetric crypto operation params.
 *
 */
struct rte_crypto_asym_op {
	RTE_STD_C11
	union {
		struct rte_cryptodev_asym_session *session;
		/**< Handle for the initialised session context */
		struct rte_crypto_asym_xform *xform;
		/**< Session-less API crypto operation parameters */
	};

	__extension__
	union {
		struct rte_crypto_rsa_op_param rsa;
		struct rte_crypto_mod_op_param modex;
		struct rte_crypto_mod_op_param modinv;
		struct rte_crypto_dh_op_param dh;
		struct rte_crypto_dsa_op_param dsa;
		struct rte_crypto_ecdsa_op_param ecdsa;
		struct rte_crypto_ecpm_op_param ecpm;
	};
};

#ifdef __cplusplus
}
#endif

#endif /* _RTE_CRYPTO_ASYM_H_ */
Commit	Line	Data
11fdf7f2 TL	1	/* SPDX-License-Identifier: BSD-3-Clause
	2	* Copyright(c) 2018 Cavium Networks
	3	*/
	4
	5	#ifndef _RTE_CRYPTO_ASYM_H_
	6	#define _RTE_CRYPTO_ASYM_H_
	7
	8	/**
	9	* @file rte_crypto_asym.h
	10	*
	11	* RTE Definitions for Asymmetric Cryptography
	12	*
	13	* Defines asymmetric algorithms and modes, as well as supported
	14	* asymmetric crypto operations.
	15	*/
	16
	17	#ifdef __cplusplus
	18	extern "C" {
	19	#endif
	20
	21	#include <string.h>
	22	#include <stdint.h>
	23
	24	#include <rte_memory.h>
	25	#include <rte_mempool.h>
	26	#include <rte_common.h>
	27
9f95a23c TL	28	#include "rte_crypto_sym.h"
9f95a23c TL	29
f67539c2 TL	30	/**
	31	* Buffer to hold crypto params required for asym operations.
	32	*
	33	* These buffers can be used for both input to PMD and output from PMD. When
	34	* used for output from PMD, application has to ensure the buffer is large
	35	* enough to hold the target data.
	36	*/
11fdf7f2 TL	37	typedef struct rte_crypto_param_t {
	38	uint8_t *data;
	39	/*< pointer to buffer holding data /
	40	rte_iova_t iova;
	41	/*< IO address of data buffer /
	42	size_t length;
	43	/*< length of data in bytes /
	44	} rte_crypto_param;
	45
	46	/** asym xform type name strings */
	47	extern const char *
	48	rte_crypto_asym_xform_strings[];
	49
	50	/** asym operations type name strings */
	51	extern const char *
	52	rte_crypto_asym_op_strings[];
	53
	54	/**
	55	* Asymmetric crypto transformation types.
	56	* Each xform type maps to one asymmetric algorithm
	57	* performing specific operation
	58	*
	59	*/
	60	enum rte_crypto_asym_xform_type {
	61	RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED = 0,
	62	/*< Invalid xform. /
	63	RTE_CRYPTO_ASYM_XFORM_NONE,
	64	/**< Xform type None.
	65	* May be supported by PMD to support
	66	* passthrough op for debugging purpose.
	67	* if xform_type none , op_type is disregarded.
	68	*/
	69	RTE_CRYPTO_ASYM_XFORM_RSA,
	70	/**< RSA. Performs Encrypt, Decrypt, Sign and Verify.
	71	* Refer to rte_crypto_asym_op_type
	72	*/
	73	RTE_CRYPTO_ASYM_XFORM_DH,
	74	/**< Diffie-Hellman.
	75	* Performs Key Generate and Shared Secret Compute.
	76	* Refer to rte_crypto_asym_op_type
	77	*/
	78	RTE_CRYPTO_ASYM_XFORM_DSA,
	79	/**< Digital Signature Algorithm
	80	* Performs Signature Generation and Verification.
	81	* Refer to rte_crypto_asym_op_type
	82	*/
	83	RTE_CRYPTO_ASYM_XFORM_MODINV,
9f95a23c TL	84	/**< Modular Multiplicative Inverse
9f95a23c TL	85	* Perform Modular Multiplicative Inverse b^(-1) mod n
11fdf7f2 TL	86	*/
	87	RTE_CRYPTO_ASYM_XFORM_MODEX,
	88	/**< Modular Exponentiation
	89	* Perform Modular Exponentiation b^e mod n
	90	*/
f67539c2 TL	91	RTE_CRYPTO_ASYM_XFORM_ECDSA,
	92	/**< Elliptic Curve Digital Signature Algorithm
	93	* Perform Signature Generation and Verification.
	94	*/
	95	RTE_CRYPTO_ASYM_XFORM_ECPM,
	96	/*< Elliptic Curve Point Multiplication /
11fdf7f2 TL	97	RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
	98	/*< End of list /
	99	};
	100
	101	/**
	102	* Asymmetric crypto operation type variants
	103	*/
	104	enum rte_crypto_asym_op_type {
	105	RTE_CRYPTO_ASYM_OP_ENCRYPT,
	106	/*< Asymmetric Encrypt operation /
	107	RTE_CRYPTO_ASYM_OP_DECRYPT,
	108	/*< Asymmetric Decrypt operation /
	109	RTE_CRYPTO_ASYM_OP_SIGN,
	110	/*< Signature Generation operation /
	111	RTE_CRYPTO_ASYM_OP_VERIFY,
	112	/*< Signature Verification operation /
	113	RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE,
	114	/*< DH Private Key generation operation /
	115	RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE,
	116	/*< DH Public Key generation operation /
	117	RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE,
	118	/*< DH Shared Secret compute operation /
	119	RTE_CRYPTO_ASYM_OP_LIST_END
	120	};
	121
	122	/**
	123	* Padding types for RSA signature.
	124	*/
	125	enum rte_crypto_rsa_padding_type {
	126	RTE_CRYPTO_RSA_PADDING_NONE = 0,
	127	/*< RSA no padding scheme /
f67539c2 TL	128	RTE_CRYPTO_RSA_PADDING_PKCS1_5,
	129	/**< RSA PKCS#1 PKCS1-v1_5 padding scheme. For signatures block type 01,
	130	* for encryption block type 02 are used.
11fdf7f2 TL	131	*/
	132	RTE_CRYPTO_RSA_PADDING_OAEP,
	133	/*< RSA PKCS#1 OAEP padding scheme /
	134	RTE_CRYPTO_RSA_PADDING_PSS,
	135	/*< RSA PKCS#1 PSS padding scheme /
	136	RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
	137	};
	138
	139	/**
	140	* RSA private key type enumeration
	141	*
	142	* enumerates private key format required to perform RSA crypto
	143	* transform.
	144	*
	145	*/
	146	enum rte_crypto_rsa_priv_key_type {
	147	RTE_RSA_KEY_TYPE_EXP,
	148	/*< RSA private key is an exponent /
	149	RTE_RSA_KET_TYPE_QT,
	150	/**< RSA private key is in quintuple format
	151	* See rte_crypto_rsa_priv_key_qt
	152	*/
	153	};
	154
	155	/**
	156	* Structure describing RSA private key in quintuple format.
	157	* See PKCS V1.5 RSA Cryptography Standard.
	158	*/
	159	struct rte_crypto_rsa_priv_key_qt {
	160	rte_crypto_param p;
	161	/**< p - Private key component P
	162	* Private key component of RSA parameter required for CRT method
	163	* of private key operations in Octet-string network byte order
	164	* format.
	165	*/
	166
	167	rte_crypto_param q;
	168	/**< q - Private key component Q
	169	* Private key component of RSA parameter required for CRT method
	170	* of private key operations in Octet-string network byte order
	171	* format.
	172	*/
	173
	174	rte_crypto_param dP;
	175	/**< dP - Private CRT component
	176	* Private CRT component of RSA parameter required for CRT method
	177	* RSA private key operations in Octet-string network byte order
	178	* format.
	179	* dP = d mod ( p - 1 )
	180	*/
	181
	182	rte_crypto_param dQ;
	183	/**< dQ - Private CRT component
	184	* Private CRT component of RSA parameter required for CRT method
	185	* RSA private key operations in Octet-string network byte order
	186	* format.
	187	* dQ = d mod ( q - 1 )
	188	*/
	189
	190	rte_crypto_param qInv;
	191	/**< qInv - Private CRT component
	192	* Private CRT component of RSA parameter required for CRT method
	193	* RSA private key operations in Octet-string network byte order
	194	* format.
195	* qInv = inv q mod p
196	*/
197	};
198
199	/**
200	* Asymmetric RSA transform data
201	*
202	* Structure describing RSA xform params
203	*
204	*/
205	struct rte_crypto_rsa_xform {
206	rte_crypto_param n;
f67539c2 TL	207	/**< n - Modulus
f67539c2 TL	208	* Modulus data of RSA operation in Octet-string network
11fdf7f2 TL	209	* byte order format.
	210	*/
	211
	212	rte_crypto_param e;
	213	/**< e - Public key exponent
	214	* Public key exponent used for RSA public key operations in Octet-
	215	* string network byte order format.
	216	*/
	217
	218	enum rte_crypto_rsa_priv_key_type key_type;
	219
	220	__extension__
	221	union {
	222	rte_crypto_param d;
	223	/**< d - Private key exponent
	224	* Private key exponent used for RSA
	225	* private key operations in
	226	* Octet-string network byte order format.
	227	*/
	228
	229	struct rte_crypto_rsa_priv_key_qt qt;
	230	/*< qt - Private key in quintuple format /
	231	};
	232	};
	233
	234	/**
	235	* Asymmetric Modular exponentiation transform data
	236	*
9f95a23c	237	* Structure describing modular exponentiation xform param
11fdf7f2 TL	238	*
	239	*/
	240	struct rte_crypto_modex_xform {
	241	rte_crypto_param modulus;
	242	/**< modulus
9f95a23c TL	243	* Pointer to the modulus data for modexp transform operation
	244	* in octet-string network byte order format
	245	*
	246	* In case this number is equal to zero the driver shall set
	247	* the crypto op status field to RTE_CRYPTO_OP_STATUS_ERROR
11fdf7f2 TL	248	*/
	249
	250	rte_crypto_param exponent;
	251	/**< exponent
9f95a23c TL	252	* Exponent of the modexp transform operation in
9f95a23c TL	253	* octet-string network byte order format
11fdf7f2 TL	254	*/
	255	};
	256
	257	/**
9f95a23c	258	* Asymmetric modular multiplicative inverse transform operation
11fdf7f2	259	*
9f95a23c	260	* Structure describing modular multiplicative inverse transform
11fdf7f2 TL	261	*
	262	*/
	263	struct rte_crypto_modinv_xform {
	264	rte_crypto_param modulus;
	265	/**<
9f95a23c TL	266	* Pointer to the modulus data for modular multiplicative inverse
	267	* operation in octet-string network byte order format
	268	*
	269	* In case this number is equal to zero the driver shall set
	270	* the crypto op status field to RTE_CRYPTO_OP_STATUS_ERROR
	271	*
	272	* This number shall be relatively prime to base
	273	* in corresponding Modular Multiplicative Inverse
	274	* rte_crypto_mod_op_param
11fdf7f2 TL	275	*/
	276	};
	277
	278	/**
	279	* Asymmetric DH transform data
	280	*
	281	* Structure describing deffie-hellman xform params
	282	*
	283	*/
	284	struct rte_crypto_dh_xform {
	285	enum rte_crypto_asym_op_type type;
	286	/*< Setup xform for key generate or shared secret compute /
	287
	288	rte_crypto_param p;
	289	/**< p : Prime modulus data
9f95a23c	290	* DH prime modulus data in octet-string network byte order format.
11fdf7f2 TL	291	*
	292	*/
	293
	294	rte_crypto_param g;
	295	/**< g : Generator
	296	* DH group generator data in octet-string network byte order
	297	* format.
	298	*
	299	*/
	300	};
	301
	302	/**
	303	* Asymmetric Digital Signature transform operation
	304	*
	305	* Structure describing DSA xform params
	306	*
	307	*/
	308	struct rte_crypto_dsa_xform {
	309	rte_crypto_param p;
	310	/**< p - Prime modulus
	311	* Prime modulus data for DSA operation in Octet-string network byte
	312	* order format.
	313	*/
	314	rte_crypto_param q;
	315	/**< q : Order of the subgroup.
	316	* Order of the subgroup data in Octet-string network byte order
	317	* format.
	318	* (p-1) % q = 0
	319	*/
	320	rte_crypto_param g;
	321	/**< g: Generator of the subgroup
	322	* Generator data in Octet-string network byte order format.
	323	*/
	324	rte_crypto_param x;
	325	/**< x: Private key of the signer in octet-string network
	326	* byte order format.
	327	* Used when app has pre-defined private key.
	328	* Valid only when xform chain is DSA ONLY.
	329	* if xform chain is DH private key generate + DSA, then DSA sign
	330	* compute will use internally generated key.
	331	*/
	332	};
	333
f67539c2 TL	334	/**
	335	* TLS named curves
	336	* https://tools.ietf.org/html/rfc8422
	337	*/
	338	enum rte_crypto_ec_group {
	339	RTE_CRYPTO_EC_GROUP_UNKNOWN = 0,
	340	RTE_CRYPTO_EC_GROUP_SECP192R1 = 19,
	341	RTE_CRYPTO_EC_GROUP_SECP224R1 = 21,
	342	RTE_CRYPTO_EC_GROUP_SECP256R1 = 23,
	343	RTE_CRYPTO_EC_GROUP_SECP384R1 = 24,
	344	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
	345	};
	346
	347	/**
	348	* Structure for elliptic curve point
	349	*/
	350	struct rte_crypto_ec_point {
	351	rte_crypto_param x;
	352	/*< X coordinate /
	353	rte_crypto_param y;
	354	/*< Y coordinate /
	355	};
	356
	357	/**
	358	* Asymmetric elliptic curve transform data
	359	*
	360	* Structure describing all EC based xform params
	361	*
	362	*/
	363	struct rte_crypto_ec_xform {
	364	enum rte_crypto_ec_group curve_id;
	365	/*< Pre-defined ec groups /
	366	};
	367
11fdf7f2 TL	368	/**
11fdf7f2 TL	369	* Operations params for modular operations:
9f95a23c	370	* exponentiation and multiplicative inverse
11fdf7f2 TL	371	*
	372	*/
	373	struct rte_crypto_mod_op_param {
	374	rte_crypto_param base;
	375	/**<
9f95a23c TL	376	* Pointer to base of modular exponentiation/multiplicative
	377	* inverse data in octet-string network byte order format
	378	*
	379	* In case Multiplicative Inverse is used this number shall
	380	* be relatively prime to modulus in corresponding Modular
	381	* Multiplicative Inverse rte_crypto_modinv_xform
	382	*/
	383
	384	rte_crypto_param result;
	385	/**<
	386	* Pointer to the result of modular exponentiation/multiplicative inverse
	387	* data in octet-string network byte order format.
	388	*
	389	* This field shall be big enough to hold the result of Modular
	390	* Exponentiation or Modular Multiplicative Inverse
	391	* (bigger or equal to length of modulus)
11fdf7f2 TL	392	*/
	393	};
	394
	395	/**
	396	* Asymmetric crypto transform data
	397	*
	398	* Structure describing asym xforms.
	399	*/
	400	struct rte_crypto_asym_xform {
	401	struct rte_crypto_asym_xform *next;
	402	/*< Pointer to next xform to set up xform chain./
	403	enum rte_crypto_asym_xform_type xform_type;
	404	/*< Asymmetric crypto transform /
	405
	406	__extension__
	407	union {
	408	struct rte_crypto_rsa_xform rsa;
	409	/*< RSA xform parameters /
	410
	411	struct rte_crypto_modex_xform modex;
	412	/*< Modular Exponentiation xform parameters /
	413
	414	struct rte_crypto_modinv_xform modinv;
9f95a23c	415	/*< Modular Multiplicative Inverse xform parameters /
11fdf7f2 TL	416
	417	struct rte_crypto_dh_xform dh;
	418	/*< DH xform parameters /
	419
	420	struct rte_crypto_dsa_xform dsa;
	421	/*< DSA xform parameters /
f67539c2 TL	422
	423	struct rte_crypto_ec_xform ec;
	424	/**< EC xform parameters, used by elliptic curve based
	425	* operations.
	426	*/
11fdf7f2 TL	427	};
	428	};
	429
	430	struct rte_cryptodev_asym_session;
	431
	432	/**
	433	* RSA operation params
	434	*
	435	*/
	436	struct rte_crypto_rsa_op_param {
	437	enum rte_crypto_asym_op_type op_type;
f67539c2	438	/*< Type of RSA operation for transform /
11fdf7f2 TL	439
	440	rte_crypto_param message;
	441	/**<
f67539c2	442	* Pointer to input data
11fdf7f2	443	* - to be encrypted for RSA public encrypt.
11fdf7f2 TL	444	* - to be signed for RSA sign generation.
11fdf7f2 TL	445	* - to be authenticated for RSA sign verification.
f67539c2 TL	446	*
	447	* Pointer to output data
	448	* - for RSA private decrypt.
	449	* In this case the underlying array should have been
	450	* allocated with enough memory to hold plaintext output
	451	* (i.e. must be at least RSA key size). The message.length
	452	* field should be 0 and will be overwritten by the PMD
	453	* with the decrypted length.
	454	*
	455	* All data is in Octet-string network byte order format.
	456	*/
	457
	458	rte_crypto_param cipher;
	459	/**<
	460	* Pointer to input data
	461	* - to be decrypted for RSA private decrypt.
	462	*
	463	* Pointer to output data
	464	* - for RSA public encrypt.
	465	* In this case the underlying array should have been allocated
	466	* with enough memory to hold ciphertext output (i.e. must be
	467	* at least RSA key size). The cipher.length field should
	468	* be 0 and will be overwritten by the PMD with the encrypted length.
	469	*
	470	* All data is in Octet-string network byte order format.
11fdf7f2 TL	471	*/
	472
	473	rte_crypto_param sign;
	474	/**<
f67539c2 TL	475	* Pointer to input data
f67539c2 TL	476	* - to be verified for RSA public decrypt.
11fdf7f2	477	*
f67539c2 TL	478	* Pointer to output data
	479	* - for RSA private encrypt.
	480	* In this case the underlying array should have been allocated
	481	* with enough memory to hold signature output (i.e. must be
	482	* at least RSA key size). The sign.length field should
	483	* be 0 and will be overwritten by the PMD with the signature length.
	484	*
	485	* All data is in Octet-string network byte order format.
11fdf7f2 TL	486	*/
	487
	488	enum rte_crypto_rsa_padding_type pad;
	489	/*< RSA padding scheme to be used for transform /
	490
	491	enum rte_crypto_auth_algorithm md;
	492	/**< Hash algorithm to be used for data hash if padding
	493	* scheme is either OAEP or PSS. Valid hash algorithms
	494	* are:
	495	* MD5, SHA1, SHA224, SHA256, SHA384, SHA512
	496	*/
	497
	498	enum rte_crypto_auth_algorithm mgf1md;
	499	/**<
	500	* Hash algorithm to be used for mask generation if
	501	* padding scheme is either OAEP or PSS. If padding
	502	* scheme is unspecified data hash algorithm is used
	503	* for mask generation. Valid hash algorithms are:
	504	* MD5, SHA1, SHA224, SHA256, SHA384, SHA512
	505	*/
	506	};
	507
	508	/**
	509	* Diffie-Hellman Operations params.
	510	* @note:
	511	*/
	512	struct rte_crypto_dh_op_param {
	513	rte_crypto_param pub_key;
	514	/**<
	515	* Output generated public key when xform type is
	516	* DH PUB_KEY_GENERATION.
	517	* Input peer public key when xform type is DH
	518	* SHARED_SECRET_COMPUTATION
	519	* pub_key is in octet-string network byte order format.
	520	*
	521	*/
	522
	523	rte_crypto_param priv_key;
	524	/**<
	525	* Output generated private key if xform type is
	526	* DH PRIVATE_KEY_GENERATION
	527	* Input when xform type is DH SHARED_SECRET_COMPUTATION.
	528	* priv_key is in octet-string network byte order format.
	529	*
	530	*/
	531
	532	rte_crypto_param shared_secret;
	533	/**<
	534	* Output with calculated shared secret
	535	* when dh xform set up with op type = SHARED_SECRET_COMPUTATION.
	536	* shared_secret is an octet-string network byte order format.
	537	*
	538	*/
	539	};
	540
	541	/**
	542	* DSA Operations params
	543	*
	544	*/
	545	struct rte_crypto_dsa_op_param {
	546	enum rte_crypto_asym_op_type op_type;
	547	/*< Signature Generation or Verification /
	548	rte_crypto_param message;
	549	/*< input message to be signed or verified /
550	rte_crypto_param r;
551	/**< dsa sign component 'r' value
552	*
553	* output if op_type = sign generate,
554	* input if op_type = sign verify
555	*/
556	rte_crypto_param s;
557	/**< dsa sign component 's' value
558	*
559	* output if op_type = sign generate,
560	* input if op_type = sign verify
561	*/
562	rte_crypto_param y;
563	/**< y : Public key of the signer.
564	* Public key data of the signer in Octet-string network byte order
565	* format.
566	* y = g^x mod p
567	*/
568	};
569
f67539c2 TL	570	/**
	571	* ECDSA operation params
	572	*/
	573	struct rte_crypto_ecdsa_op_param {
	574	enum rte_crypto_asym_op_type op_type;
	575	/*< Signature generation or verification /
	576
	577	rte_crypto_param pkey;
	578	/*< Private key of the signer for signature generation /
	579
	580	struct rte_crypto_ec_point q;
	581	/*< Public key of the signer for verification /
	582
	583	rte_crypto_param message;
	584	/*< Input message digest to be signed or verified /
	585
	586	rte_crypto_param k;
	587	/**< The ECDSA per-message secret number, which is an integer
	588	* in the interval (1, n-1)
	589	*/
	590
	591	rte_crypto_param r;
	592	/**< r component of elliptic curve signature
	593	* output : for signature generation
	594	* input : for signature verification
	595	*/
	596	rte_crypto_param s;
	597	/**< s component of elliptic curve signature
	598	* output : for signature generation
	599	* input : for signature verification
	600	*/
	601	};
	602
	603	/**
	604	* Structure for EC point multiplication operation param
	605	*/
	606	struct rte_crypto_ecpm_op_param {
	607	struct rte_crypto_ec_point p;
	608	/*< x and y coordinates of input point /
	609
	610	struct rte_crypto_ec_point r;
	611	/*< x and y coordinates of resultant point /
	612
	613	rte_crypto_param scalar;
	614	/*< Scalar to multiply the input point /
	615	};
	616
11fdf7f2 TL	617	/**
	618	* Asymmetric Cryptographic Operation.
	619	*
	620	* Structure describing asymmetric crypto operation params.
	621	*
	622	*/
	623	struct rte_crypto_asym_op {
f67539c2 TL	624	RTE_STD_C11
	625	union {
	626	struct rte_cryptodev_asym_session *session;
	627	/*< Handle for the initialised session context /
	628	struct rte_crypto_asym_xform *xform;
	629	/*< Session-less API crypto operation parameters /
	630	};
11fdf7f2 TL	631
	632	__extension__
	633	union {
	634	struct rte_crypto_rsa_op_param rsa;
	635	struct rte_crypto_mod_op_param modex;
	636	struct rte_crypto_mod_op_param modinv;
	637	struct rte_crypto_dh_op_param dh;
	638	struct rte_crypto_dsa_op_param dsa;
f67539c2 TL	639	struct rte_crypto_ecdsa_op_param ecdsa;
f67539c2 TL	640	struct rte_crypto_ecpm_op_param ecpm;
11fdf7f2	641	};
9f95a23c	642	};
11fdf7f2 TL	643
	644	#ifdef __cplusplus
	645	}
	646	#endif
	647
	648	#endif /* _RTE_CRYPTO_ASYM_H_ */