From patchwork Wed Apr 13 14:03:26 2022
X-Patchwork-Submitter: Arkadiusz Kusztal
X-Patchwork-Id: 109701
X-Patchwork-Delegate: gakhil@marvell.com
From: Arek Kusztal
To: dev@dpdk.org
Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal
Subject: [PATCH v2 1/2] cryptodev: add dh verify option
Date: Wed, 13 Apr 2022 15:03:26 +0100
Message-Id: <20220413140327.12915-2-arkadiuszx.kusztal@intel.com>
In-Reply-To: <20220413140327.12915-1-arkadiuszx.kusztal@intel.com>
References: <20220413140327.12915-1-arkadiuszx.kusztal@intel.com>

For some elliptic curves, the public point in a DH exchange needs to be checked to see if it lies on the curve. Modular exponentiation needs certain checks as well, though mathematically much easier. This commit adds a verify option to asym_op operations.

Signed-off-by: Arek Kusztal

--- lib/cryptodev/rte_crypto_asym.h | 19 +++++++++++++++++++ lib/cryptodev/rte_cryptodev.c | 1 + 2 files changed, 20 insertions(+) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 5b30083f30..c4f4afa07f 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -117,6 +117,8 @@ enum rte_crypto_asym_op_type { /**< DH Public Key generation operation */ RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE, /**< DH Shared Secret compute operation */ + RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY, + /**< DH Public Key Verification */ RTE_CRYPTO_ASYM_OP_LIST_END }; @@ -412,6 +414,11 @@ struct rte_crypto_dh_op_param { * For ECDH it is a point on the curve. * Output for RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE * Input for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE + * Input for RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY + * + * VERIFY option can be used only for elliptic curve + * point validation, for FFDH (DH) it is user's reponsability + * to check the public key accordingly. */ union { 
@@ -424,6 +431,18 @@ struct rte_crypto_dh_op_param { * For ECDH it is a point on the curve. * Output for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE */ + uint16_t flags; + /* + * Diffie-Hellman operation flags + * Flag | Bit pos | Description + *-------------------------------------------------------------------------------- + * | | If set to 1 - verification will use all four + * Full verification | 0 | steps of point verification (full validation), + * | | otherwise three (partial validation - default). + *-------------------------------------------------------------------------------- + * Reserved | 1-15 | Reserved + */ + }; /** diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index 3500a2d470..2679ef54f8 100644 --- a/lib/cryptodev/rte_cryptodev.c +++ b/lib/cryptodev/rte_cryptodev.c @@ -181,6 +181,7 @@ const char *rte_crypto_asym_op_strings[] = { [RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE] = "priv_key_generate", [RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE] = "pub_key_generate", [RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE] = "sharedsecret_compute", + [RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY] = "dh_pubkey_verify", }; /**
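Review bot: the new value in the first hunk of rte_crypto_asym.h (@@ -117,6 +117,8) goes in directly before RTE_CRYPTO_ASYM_OP_LIST_END, so LIST_END changes by one. Anything sized, indexed or looped by LIST_END, or any per-op-type bitmask built from this enum, has to be checked and rebuilt against the new value, and the commit message should say so. The doc comment "DH Public Key Verification" should also state that the op is only meaningful for elliptic curve points, since the pub_key comment in the next hunk restricts it that way.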
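Review bot: the pub_key comment in the second hunk (@@ -412,6 +414,11) leaves the FFDH case undefined: it says VERIFY "can be used only for elliptic curve point validation" but not what a driver must do when the op is submitted with a finite-field DH key. Please document the expected result (reject the op with an error status rather than silently succeed), and say where the caller reads the verification outcome, because an unchecked or ambiguous result defeats the purpose of the op. Typo in the same block: "reponsability" should be "responsibility".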
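Review bot: the flags documentation in the third hunk (@@ -424,6 +431,18) does not say which checks are performed. "all four steps" and "three" are never enumerated, and the default is the weaker partial validation, so a caller cannot tell which check is skipped when bit 0 is clear. Please list the steps or cite the specification they come from, give bit 0 a named macro instead of a table entry, and state that reserved bits 1-15 must be zero so they can be assigned later. The comment also opens with a plain "/*" placed after the member, unlike the "/**<" comments used elsewhere in this header, so it will not appear in the generated API docs. Adding a member to struct rte_crypto_dh_op_param changes its layout, which needs an ABI note, and the added blank line before "};" can be dropped.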
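Review bot: the string added in the rte_cryptodev.c hunk (@@ -181,6 +181,7) does not match its enum name: RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY maps to "dh_pubkey_verify", while the neighbouring entries mirror their enum names ("pub_key_generate", "sharedsecret_compute"). Either rename the enum to say public key or use "dh_key_verify" here, so the name shown in logs and test output can be traced back to the enum without guessing.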