diff mbox series

[v2,06/14] cryptodev: move dh type from xform to dh op

Message ID 20220525155324.9288-7-arkadiuszx.kusztal@intel.com (mailing list archive)
State Superseded
Delegated to: akhil goyal
Headers show
Series cryptodev: rsa, dh, ecdh changes | expand

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Kusztal, ArkadiuszX May 25, 2022, 3:53 p.m. UTC
- Moved dh operation type to dh operation struct.
Operation type (PUBLIC_KEY_GENERATION, SHARED_SECRET) should
be free to choose for any operation. One xform/session should
be enough to perform both DH operations, if op_type would be xform
member, session would have to be to be created twice for the same
group. Similar problem would be observed in sessionless case.
Additionally, it will help extend DH to support Elliptic Curves.
- Changed order of Diffie-Hellman operation phases.
Now it corresponds with the order of operations.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c               | 11 +++++------
 drivers/crypto/openssl/rte_openssl_pmd.c     | 15 ++++++---------
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 27 ---------------------------
 lib/cryptodev/rte_crypto_asym.h              | 22 ++++++++++------------
 4 files changed, 21 insertions(+), 54 deletions(-)

Comments

Akhil Goyal May 26, 2022, 11:23 a.m. UTC | #1
> - Moved dh operation type to dh operation struct.
> Operation type (PUBLIC_KEY_GENERATION, SHARED_SECRET) should
> be free to choose for any operation. One xform/session should
> be enough to perform both DH operations, if op_type would be xform
> member, session would have to be to be created twice for the same
> group. Similar problem would be observed in sessionless case.
> Additionally, it will help extend DH to support Elliptic Curves.
> - Changed order of Diffie-Hellman operation phases.
> Now it corresponds with the order of operations.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
diff mbox series

Patch

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 1b77aa2b6a..a151051165 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -1062,8 +1062,8 @@  test_dh_gen_shared_sec(struct rte_crypto_asym_xform *xfrm)
 	asym_op = op->asym;
 
 	/* Setup a xform and op to generate private key only */
-	xform.dh.type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
 	xform.next = NULL;
+	asym_op->dh.op_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
 	asym_op->dh.priv_key.data = dh_test_params.priv_key.data;
 	asym_op->dh.priv_key.length = dh_test_params.priv_key.length;
 	asym_op->dh.pub_key.data = (uint8_t *)peer;
@@ -1144,8 +1144,8 @@  test_dh_gen_priv_key(struct rte_crypto_asym_xform *xfrm)
 	asym_op = op->asym;
 
 	/* Setup a xform and op to generate private key only */
-	xform.dh.type = RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE;
 	xform.next = NULL;
+	asym_op->dh.op_type = RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE;
 	asym_op->dh.priv_key.data = output;
 	asym_op->dh.priv_key.length = sizeof(output);
 
@@ -1227,9 +1227,9 @@  test_dh_gen_pub_key(struct rte_crypto_asym_xform *xfrm)
 	 * using test private key
 	 *
 	 */
-	xform.dh.type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE;
 	xform.next = NULL;
 
+	asym_op->dh.op_type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE;
 	asym_op->dh.pub_key.data = output;
 	asym_op->dh.pub_key.length = sizeof(output);
 	/* load pre-defined private key */
@@ -1318,15 +1318,14 @@  test_dh_gen_kp(struct rte_crypto_asym_xform *xfrm)
 	 * private key first followed by
 	 * public key
 	 */
-	xform.dh.type = RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE;
 	pub_key_xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH;
-	pub_key_xform.dh.type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE;
 	xform.next = &pub_key_xform;
 
+	asym_op->dh.op_type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE;
 	asym_op->dh.pub_key.data = out_pub_key;
 	asym_op->dh.pub_key.length = sizeof(out_pub_key);
 	asym_op->dh.priv_key.data = out_prv_key;
-	asym_op->dh.priv_key.length = sizeof(out_prv_key);
+	asym_op->dh.priv_key.length = 0;
 
 	ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
 	if (ret < 0) {
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 2a3930df0a..4e11770864 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1692,12 +1692,12 @@  process_openssl_dh_op(struct rte_crypto_op *cop,
 		struct openssl_asym_session *sess)
 {
 	struct rte_crypto_dh_op_param *op = &cop->asym->dh;
+	struct rte_crypto_asym_op *asym_op = cop->asym;
 	DH *dh_key = sess->u.dh.dh_key;
 	BIGNUM *priv_key = NULL;
 	int ret = 0;
 
-	if (sess->u.dh.key_op &
-			(1 << RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE)) {
+	if (asym_op->dh.op_type == RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE) {
 		/* compute shared secret using peer public key
 		 * and current private key
 		 * shared secret = peer_key ^ priv_key mod p
@@ -1753,10 +1753,8 @@  process_openssl_dh_op(struct rte_crypto_op *cop,
 	 * if user provides private key,
 	 * then first set DH with user provided private key
 	 */
-	if ((sess->u.dh.key_op &
-			(1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE)) &&
-			!(sess->u.dh.key_op &
-			(1 << RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE))) {
+	if (asym_op->dh.op_type == RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE &&
+			op->priv_key.length) {
 		/* generate public key using user-provided private key
 		 * pub_key = g ^ priv_key mod p
 		 */
@@ -1790,7 +1788,7 @@  process_openssl_dh_op(struct rte_crypto_op *cop,
 		return 0;
 	}
 
-	if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE)) {
+	if (asym_op->dh.op_type == RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE) {
 		const BIGNUM *pub_key = NULL;
 
 		OPENSSL_LOG(DEBUG, "%s:%d update public key\n",
@@ -1804,8 +1802,7 @@  process_openssl_dh_op(struct rte_crypto_op *cop,
 				op->pub_key.data);
 	}
 
-	if (sess->u.dh.key_op &
-			(1 << RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE)) {
+	if (asym_op->dh.op_type == RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) {
 		const BIGNUM *priv_key = NULL;
 
 		OPENSSL_LOG(DEBUG, "%s:%d updated priv key\n",
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index c975ef640a..16ec5e15eb 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -999,33 +999,6 @@  static int openssl_set_asym_session_parameters(
 			DH_free(dh);
 			goto err_dh;
 		}
-
-		/*
-		 * setup xfrom for
-		 * public key generate, or
-		 * DH Priv key generate, or both
-		 * public and private key generate
-		 */
-		asym_session->u.dh.key_op = (1 << xform->dh.type);
-
-		if (xform->dh.type ==
-			RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) {
-			/* check if next is pubkey */
-			if ((xform->next != NULL) &&
-				(xform->next->xform_type ==
-				RTE_CRYPTO_ASYM_XFORM_DH) &&
-				(xform->next->dh.type ==
-				RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE)
-				) {
-				/*
-				 * setup op as pub/priv key
-				 * pair generationi
-				 */
-				asym_session->u.dh.key_op |=
-				(1 <<
-				RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE);
-			}
-		}
 		asym_session->u.dh.dh_key = dh;
 		asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH;
 		break;
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 1a77a74478..ffb0e8ed17 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -248,8 +248,6 @@  struct rte_crypto_modinv_xform {
  *
  */
 struct rte_crypto_dh_xform {
-	enum rte_crypto_asym_ke_type type;
-	/**< Setup xform for key generate or shared secret compute */
 	rte_crypto_uint p;
 	/**< Prime modulus data */
 	rte_crypto_uint g;
@@ -377,15 +375,8 @@  struct rte_crypto_rsa_op_param {
  * @note:
  */
 struct rte_crypto_dh_op_param {
-	rte_crypto_uint pub_key;
-	/**<
-	 * Output - generated public key, when xform type is
-	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE.
-	 *
-	 * Input - peer's public key, when xform type is
-	 * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
-	 */
-
+	enum rte_crypto_asym_ke_type op_type;
+	/**< Key exchange operation type */
 	rte_crypto_uint priv_key;
 	/**<
 	 * Output - generated private key, when xform type is
@@ -400,7 +391,14 @@  struct rte_crypto_dh_op_param {
 	 * device will generate private key and use it for public
 	 * key generation.
 	 */
-
+	rte_crypto_uint pub_key;
+	/**<
+	 * Output - generated public key, when xform type is
+	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE.
+	 *
+	 * Input - peer's public key, when xform type is
+	 * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
+	 */
 	rte_crypto_uint shared_secret;
 	/**<
 	 * Output - calculated shared secret when xform type is