[v2,08/14] cryptodev: add public key verify option

Message ID 20220525155324.9288-9-arkadiuszx.kusztal@intel.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Series cryptodev: rsa, dh, ecdh changes |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Arkadiusz Kusztal May 25, 2022, 3:53 p.m. UTC
  - Added key exchange public key verify option.
For some elliptic curves, the public point in a DH exchange
must be checked to confirm that it lies on the curve.
Modular exponentiation needs certain checks as well, though
mathematically much easier.
This commit adds verify option to asym_op operations.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 9 ++++++---
 lib/cryptodev/rte_cryptodev.c   | 3 ++-
 2 files changed, 8 insertions(+), 4 deletions(-)
  

Comments

Akhil Goyal May 26, 2022, 11:34 a.m. UTC | #1
> - Added key exchange public key verify option.
> For some elliptic curves public point in DH exchange
> needs to be checked, if it lays on the curve.
> Modular exponentiation needs certain checks as well, though
> mathematically much easier.
> This commit adds verify option to asym_op operations.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/cryptodev/rte_crypto_asym.h | 9 ++++++---
>  lib/cryptodev/rte_cryptodev.c   | 3 ++-
>  2 files changed, 8 insertions(+), 4 deletions(-)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 0dab7c0593..3eafaecbbe 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -141,8 +141,10 @@ enum rte_crypto_asym_ke_type {
>  	/**< Private Key generation operation */
>  	RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
>  	/**< Public Key generation operation */
> -	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> +	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
>  	/**< Shared Secret compute operation */
> +	RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY,
> +	/**< Public Key Verification */

If this is not for DH and only for ECDH, then specify this in comments also.
But IMO, it will be OK to use RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY.
If it is not valid to use it for DH, we can mention in comments.

>  };
> 
>  /**
> @@ -434,8 +436,9 @@ struct rte_crypto_ecdh_op_param {
>  	 * Output - generated public key, when xform type is
>  	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE.
>  	 *
> -	 * Input - peer's public key, when xform type is
> -	 * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
> +	 * Input - peer's public key, when xform type is one of:
> +	 * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
> +	 * RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY.
>  	 */
>  	struct rte_crypto_ec_point shared_secret;
>  	/**<
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> index af58f49d07..57ee6b3f07 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -185,7 +185,8 @@ const char *rte_crypto_asym_op_strings[] = {
>  const char *rte_crypto_asym_ke_strings[] = {
>  	[RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE] =
> "priv_key_generate",
>  	[RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE] =
> "pub_key_generate",
> -	[RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] =
> "sharedsecret_compute"
> +	[RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] =
> "sharedsecret_compute",
> +	[RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY] =
> "pub_ec_key_verify"
>  };
> 
>  /**
> --
> 2.13.6
  
Arkadiusz Kusztal May 26, 2022, 11:46 a.m. UTC | #2
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Thursday, May 26, 2022 1:34 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH v2 08/14] cryptodev: add public key verify option
> 
> > - Added key exchange public key verify option.
> > For some elliptic curves public point in DH exchange needs to be
> > checked, if it lays on the curve.
> > Modular exponentiation needs certain checks as well, though
> > mathematically much easier.
> > This commit adds verify option to asym_op operations.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  lib/cryptodev/rte_crypto_asym.h | 9 ++++++---
> >  lib/cryptodev/rte_cryptodev.c   | 3 ++-
> >  2 files changed, 8 insertions(+), 4 deletions(-)
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index 0dab7c0593..3eafaecbbe 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -141,8 +141,10 @@ enum rte_crypto_asym_ke_type {
> >  	/**< Private Key generation operation */
> >  	RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
> >  	/**< Public Key generation operation */
> > -	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > +	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
> >  	/**< Shared Secret compute operation */
> > +	RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY,
> > +	/**< Public Key Verification */
> 
> If this is not for DH and only for ECDH, then specify this in comments also.
> But IMO, it will be OK to use RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY.
> If it is not valid to use it for DH, we can mention in comments.
+1
> 
> >  };
> >
> >  /**
> > @@ -434,8 +436,9 @@ struct rte_crypto_ecdh_op_param {
> >  	 * Output - generated public key, when xform type is
> >  	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE.
> >  	 *
> > -	 * Input - peer's public key, when xform type is
> > -	 * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
> > +	 * Input - peer's public key, when xform type is one of:
> > +	 * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
> > +	 * RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY.
> >  	 */
> >  	struct rte_crypto_ec_point shared_secret;
> >  	/**<
> > diff --git a/lib/cryptodev/rte_cryptodev.c
> > b/lib/cryptodev/rte_cryptodev.c index af58f49d07..57ee6b3f07 100644
> > --- a/lib/cryptodev/rte_cryptodev.c
> > +++ b/lib/cryptodev/rte_cryptodev.c
> > @@ -185,7 +185,8 @@ const char *rte_crypto_asym_op_strings[] = {
> > const char *rte_crypto_asym_ke_strings[] = {
> >  	[RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE] =
> "priv_key_generate",
> >  	[RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE] =
> "pub_key_generate",
> > -	[RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] =
> > "sharedsecret_compute"
> > +	[RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] =
> > "sharedsecret_compute",
> > +	[RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY] =
> > "pub_ec_key_verify"
> >  };
> >
> >  /**
> > --
> > 2.13.6
  

Patch

diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 0dab7c0593..3eafaecbbe 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -141,8 +141,10 @@  enum rte_crypto_asym_ke_type {
 	/**< Private Key generation operation */
 	RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
 	/**< Public Key generation operation */
-	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
+	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
 	/**< Shared Secret compute operation */
+	RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY,
+	/**< Public Key Verification */
 };
 
 /**
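Review bot: The Doxygen comment added for `RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY`, `/**< Public Key Verification */`, does not say which checks the operation performs or how a rejected key is reported to the caller. An application that validates a peer's point before deriving a shared secret needs to know whether the check covers only the curve equation or also coordinate range and the point at infinity. Nothing in this hunk indicates that `RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE` performs the check implicitly, so the need for a separate verify op should be stated. I would expand the comment to something like `/**< Verify that the peer's EC public key is a valid point on the configured curve; failure is reported through the op status */`, adjusted to what the drivers actually implement. The enum's opening lines are outside the hunk.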
@@ -434,8 +436,9 @@  struct rte_crypto_ecdh_op_param {
 	 * Output - generated public key, when xform type is
 	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE.
 	 *
-	 * Input - peer's public key, when xform type is
-	 * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
+	 * Input - peer's public key, when xform type is one of:
+	 * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
+	 * RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY.
 	 */
 	struct rte_crypto_ec_point shared_secret;
 	/**<
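Review bot: The updated comment names the peer's public key as the input for `RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY`, but the struct documentation does not say what the operation produces for that type. The `shared_secret` field follows directly and its comment runs past the end of the hunk, so it is not visible whether that field is documented as unused for verification. If it is not, I would add a line such as `Not used when the type is RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY.` to its comment. Without that, a caller could read a stale or zeroed `shared_secret` after a verify op and treat it as meaningful.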
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index af58f49d07..57ee6b3f07 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -185,7 +185,8 @@  const char *rte_crypto_asym_op_strings[] = {
 const char *rte_crypto_asym_ke_strings[] = {
 	[RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE] = "priv_key_generate",
 	[RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE] = "pub_key_generate",
-	[RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute"
+	[RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute",
+	[RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY] = "pub_ec_key_verify"
 };
 
 /**
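Review bot: The new string `"pub_ec_key_verify"` orders its words differently from the enum name `RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY` and from the sibling entries, which abbreviate their enum names in order (`"pub_key_generate"`). I would use `"ec_pub_key_verify"` so the string can be matched to its enum member mechanically. The last initializer also still lacks a trailing comma, which is why this commit had to touch the `SHARED_SECRET_COMPUTE` line; ending the new entry with `,` avoids the same churn on the next addition.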