From patchwork Wed Apr 13 14:03:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 109701 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 932E2A050C; Wed, 13 Apr 2022 16:26:05 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D33C9427F6; Wed, 13 Apr 2022 16:26:00 +0200 (CEST) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mails.dpdk.org (Postfix) with ESMTP id D72424068B for ; Wed, 13 Apr 2022 16:25:58 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1649859959; x=1681395959; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=3sRK2Vza0qId1S4MAMk73SJFH8lNPAVCiD5SS/1N+Js=; b=Rib88FqKvlNifM/uk6lod7OuLpC6IkKntJiNo8SKCcZO7moPcvkQb7OY 6T+0HpnsZDtRnU1A7brGZmO9aUC0JDo9oRHNu33BfkqoUbhpizDvA6dXD IVP+89kFeG0TW4/9hB38v+wgssy/zUem0bREOmIYkppolqDNo8A2DTaXb JBT0Z/vQwDY0OLpKsibu9Px0muiIsq0cabTSd20jkc9626n86UTMX9s03 MPz9KqXEb8ZlKHUQN0ewmNhMfzQIYAk7l1h5BhyTWCrGTlTX5oAOOe0xO 6J6IRzTiLcJcD9c1fakcnAV8LU9jpEYu4cXUP4RnO718ayNrtRR2URp/y g==; X-IronPort-AV: E=McAfee;i="6400,9594,10315"; a="262857171" X-IronPort-AV: E=Sophos;i="5.90,257,1643702400"; d="scan'208";a="262857171" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Apr 2022 07:03:33 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,257,1643702400"; d="scan'208";a="526950923" Received: from silpixa00400308.ir.intel.com ([10.237.214.95]) by orsmga006.jf.intel.com with ESMTP; 13 Apr 2022 07:03:31 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 1/2] cryptodev: add dh verify option Date: Wed, 13 Apr 2022 15:03:26 +0100 Message-Id: <20220413140327.12915-2-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220413140327.12915-1-arkadiuszx.kusztal@intel.com> References: <20220413140327.12915-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org For some elliptic curves public point in DH exchange needs to be checked, if lays on the curve. Modular exponentiation needs certain checks as well, though mathematically much easier. This commit adds verify option to asym_op operations. Signed-off-by: Arek Kusztal --- lib/cryptodev/rte_crypto_asym.h | 19 +++++++++++++++++++ lib/cryptodev/rte_cryptodev.c | 1 + 2 files changed, 20 insertions(+) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 5b30083f30..c4f4afa07f 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -117,6 +117,8 @@ enum rte_crypto_asym_op_type { /**< DH Public Key generation operation */ RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE, /**< DH Shared Secret compute operation */ + RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY, + /**< DH Public Key Verification */ RTE_CRYPTO_ASYM_OP_LIST_END }; @@ -412,6 +414,11 @@ struct rte_crypto_dh_op_param { * For ECDH it is a point on the curve. * Output for RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE * Input for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE + * Input for RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY + * + * VERIFY option can be used only for elliptic curve + * point validation, for FFDH (DH) it is user's reponsability + * to check the public key accordingly. */ union { @@ -424,6 +431,18 @@ struct rte_crypto_dh_op_param { * For ECDH it is a point on the curve. * Output for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE */ + uint16_t flags; + /* + * Diffie-Hellman operation flags + * Flag | Bit pos | Description + *-------------------------------------------------------------------------------- + * | | If set to 1 - verification will use all four + * Full verification | 0 | steps of point verification (full validation), + * | | otherwise three (partial validation - default). + *-------------------------------------------------------------------------------- + * Reserved | 1-15 | Reserved + */ + }; /** diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index 3500a2d470..2679ef54f8 100644 --- a/lib/cryptodev/rte_cryptodev.c +++ b/lib/cryptodev/rte_cryptodev.c @@ -181,6 +181,7 @@ const char *rte_crypto_asym_op_strings[] = { [RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE] = "priv_key_generate", [RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE] = "pub_key_generate", [RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE] = "sharedsecret_compute", + [RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY] = "dh_pubkey_verify", }; /** From patchwork Wed Apr 13 14:03:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 109702 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DF561A050C; Wed, 13 Apr 2022 16:26:09 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B361942801; Wed, 13 Apr 2022 16:26:01 +0200 (CEST) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mails.dpdk.org (Postfix) with ESMTP id A19C34068B for ; Wed, 13 Apr 2022 16:25:59 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1649859959; x=1681395959; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=PBPyTfjNKtgfKLxnby1jnNJA4tnD6ySlZab8CILX0m8=; b=ZvZF28VoAtBzwCFhyeWrlRX8wELeenz13K5kwjW//rO6f5QrmUwzpTkh /Pl9k3Hqw8MBI7bCQOb1A7CvUXwy0LIoCVh2rf33YmF7Tt3WKNGSjLsoZ 5jRKEznDa6LLO2mDHZBLkKSTDUNEzivl1RvW0uO1JFwB9x2Csn31mAq5e qF68dqt9ofoF4iqWw52m06i+JLn3tHfekWBDuu66p7hpIecqhOJKtiHRx NBG758JQZ/tMFLKIK7/DWRKTnnNM+o68EDQ21Ub8jj1fq3tK4kgNwL5D0 ddCIVP5s/aYE9vMvf3MeYorsjYRoS7YYh7v27cNAS9fFlm7qtqpPkG16p A==; X-IronPort-AV: E=McAfee;i="6400,9594,10315"; a="262857175" X-IronPort-AV: E=Sophos;i="5.90,257,1643702400"; d="scan'208";a="262857175" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Apr 2022 07:03:34 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,257,1643702400"; d="scan'208";a="526950936" Received: from silpixa00400308.ir.intel.com ([10.237.214.95]) by orsmga006.jf.intel.com with ESMTP; 13 Apr 2022 07:03:33 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 2/2] cryptodev: add dh padding options Date: Wed, 13 Apr 2022 15:03:27 +0100 Message-Id: <20220413140327.12915-3-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220413140327.12915-1-arkadiuszx.kusztal@intel.com> References: <20220413140327.12915-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Diffie-Hellman padding is used in certain protocols, in others, leading zero bytes need to be stripped. Even same protocol may use a different approach - most glaring example is TLS1.2 - TLS1.3. To make the user life easier, and to avoid additional copy on certain occasions, driver should be able to return both. Signed-off-by: Arek Kusztal --- lib/cryptodev/rte_crypto_asym.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index c4f4afa07f..e757663e8e 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -440,7 +440,15 @@ struct rte_crypto_dh_op_param { * Full verification | 0 | steps of point verification (full validation), * | | otherwise three (partial validation - default). *-------------------------------------------------------------------------------- - * Reserved | 1-15 | Reserved + * | | If set to 1 - public key will be returned + * Public key padding | 1 | without leading zero bytes, otherwise it will be + * | | padded to the left with zero bytes (default) + *-------------------------------------------------------------------------------- + * | | If set to 1 - shared key will be returned + * Shared key padding | 2 | without leading zero bytes, otherwise it will be + * | | padded to the left with zero bytes (default) + *-------------------------------------------------------------------------------- + * Reserved | 3-15 | Reserved */ };