[v2,1/2] cryptodev: add dh verify option

Message ID 20220413140327.12915-2-arkadiuszx.kusztal@intel.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Series cryptodev: add dh verify option |

Checks

Context Check Description
ci/checkpatch warning coding style issues
ci/iol-testing warning apply patch failure

Commit Message

Arkadiusz Kusztal April 13, 2022, 2:03 p.m. UTC
For some elliptic curves, the public point in a DH exchange needs to be
checked to confirm that it lies on the curve.
Modular exponentiation needs certain checks as well, though they are
mathematically much simpler.
This commit adds a verify option to asym_op operations.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 19 +++++++++++++++++++
 lib/cryptodev/rte_cryptodev.c   |  1 +
 2 files changed, 20 insertions(+)
  

Comments

Akhil Goyal May 16, 2022, 6:50 p.m. UTC | #1
> For some elliptic curves public point in DH exchange
> needs to be checked, if lays on the curve.
> Modular exponentiation needs certain checks as well, though
> mathematically much easier.
> This commit adds verify option to asym_op operations.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/cryptodev/rte_crypto_asym.h | 19 +++++++++++++++++++
>  lib/cryptodev/rte_cryptodev.c   |  1 +
>  2 files changed, 20 insertions(+)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 5b30083f30..c4f4afa07f 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -117,6 +117,8 @@ enum rte_crypto_asym_op_type {
>  	/**< DH Public Key generation operation */
>  	RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE,
>  	/**< DH Shared Secret compute operation */
> +	RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY,

I think RTE_CRYPTO_ASYM_OP_DH_PUB_KEY_VERIFY is a better name.

> +	/**< DH Public Key Verification */
>  	RTE_CRYPTO_ASYM_OP_LIST_END
>  };
> 
> @@ -412,6 +414,11 @@ struct rte_crypto_dh_op_param {
>  	 * For ECDH it is a point on the curve.
>  	 * Output for RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE
>  	 * Input for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE
> +	 * Input for RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY
> +	 *
> +	 * VERIFY option can be used only for elliptic curve
> +	 * point validation, for FFDH (DH) it is user's reponsability
> +	 * to check the public key accordingly.
>  	 */
> 
>  	union {
> @@ -424,6 +431,18 @@ struct rte_crypto_dh_op_param {
>  	 * For ECDH it is a point on the curve.
>  	 * Output for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE
>  	 */
> +	 uint16_t flags;
> +	 /*
> +	  * Diffie-Hellman operation flags
> +	  * Flag                | Bit pos |      Description
> +	  *--------------------------------------------------------------------------------
> +	  *                     |         | If set to 1 - verification will use all four
> +	  * Full verification   |    0    | steps of point verification (full validation),
> +	  *                     |         | otherwise three (partial validation - default).
> +	  *--------------------------------------------------------------------------------
> +	  * Reserved            |   1-15  | Reserved
> +	  */

Instead of adding these comments, it is better to define macros for each of the flags
and to reference those macros in the comment here.

> +
>  };
> 
>  /**
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> index 3500a2d470..2679ef54f8 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -181,6 +181,7 @@ const char *rte_crypto_asym_op_strings[] = {
>  	[RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE]	=
> "priv_key_generate",
>  	[RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE] =
> "pub_key_generate",
>  	[RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE] =
> "sharedsecret_compute",
> +	[RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY] = "dh_pubkey_verify",
>  };
> 
>  /**
> --
> 2.13.6
  

Patch

diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 5b30083f30..c4f4afa07f 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -117,6 +117,8 @@  enum rte_crypto_asym_op_type {
 	/**< DH Public Key generation operation */
 	RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE,
 	/**< DH Shared Secret compute operation */
+	RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY,
+	/**< DH Public Key Verification */
 	RTE_CRYPTO_ASYM_OP_LIST_END
 };
 
@@ -412,6 +414,11 @@  struct rte_crypto_dh_op_param {
 	 * For ECDH it is a point on the curve.
 	 * Output for RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE
 	 * Input for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE
+	 * Input for RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY
+	 *
+	 * VERIFY option can be used only for elliptic curve
+	 * point validation, for FFDH (DH) it is user's reponsability
+	 * to check the public key accordingly.
 	 */
 
 	union {
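Review bot: The added text on the public-key field does not say how the outcome of RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY reaches the caller, nor what a PMD does when the op is submitted for FFDH, where the comment says verification is unavailable. An application that cannot tell "point rejected" from "verification not performed" may go on to compute a shared secret from an unchecked peer key, so both cases should be spelled out, for example `* The result is reported in <status field>; a VERIFY request on an FFDH xform fails with <error status>.` (placeholders, to be replaced with the fields the API actually uses). For FFDH it would also help to name the expected caller-side checks (public value in the range 2..p-2 and, where the subgroup order q is known, y^q mod p == 1) instead of "accordingly". "reponsability" should read "responsibility". The comment block opens above the hunk, so its first lines are not visible here.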
@@ -424,6 +431,18 @@  struct rte_crypto_dh_op_param {
 	 * For ECDH it is a point on the curve.
 	 * Output for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE
 	 */
+	 uint16_t flags;
+	 /*
+	  * Diffie-Hellman operation flags
+	  * Flag                | Bit pos |      Description
+	  *--------------------------------------------------------------------------------
+	  *                     |         | If set to 1 - verification will use all four
+	  * Full verification   |    0    | steps of point verification (full validation),
+	  *                     |         | otherwise three (partial validation - default).
+	  *--------------------------------------------------------------------------------
+	  * Reserved            |   1-15  | Reserved
+	  */
+
 };
 
 /**
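Review bot: A zero-initialised `flags` selects partial validation, so the weaker check is what callers get unless they opt in to bit 0. If the four steps are the usual full public-key validation (not infinity, coordinates in range, on the curve, order check), the default drops the order check, which matters on curves with a cofactor greater than 1; the comment should name the steps and say when partial validation is acceptable, or the bit should be inverted so full validation is the default. The reserved bits need a rule as well, e.g. `* Reserved | 1-15 | Must be set to 0`, so that later flags can be added without old callers passing garbage. The block after the field is a plain `/*` comment with an extra space of indentation; the other members visible in this file use `/**<`, e.g. `/**< Diffie-Hellman operation flags */`, which is what attaches the text to `flags` in generated docs. The struct begins outside the hunk.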
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 3500a2d470..2679ef54f8 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -181,6 +181,7 @@  const char *rte_crypto_asym_op_strings[] = {
 	[RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE]	= "priv_key_generate",
 	[RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE] = "pub_key_generate",
 	[RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE] = "sharedsecret_compute",
+	[RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY] = "dh_pubkey_verify",
 };
 
 /**
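Review bot: The new string `"dh_pubkey_verify"` spells the key part differently from its neighbours `"priv_key_generate"` and `"pub_key_generate"`, which separate the words with an underscore. If anything matches on these names (test vectors or command-line parsing, not visible here), the inconsistency is easy to trip over; `[RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY] = "dh_pub_key_verify",` would keep the table uniform. The array initialiser starts above the hunk.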