* [PATCH v2 0/2] cryptodev: add dh verify option @ 2022-04-13 14:03 Arek Kusztal 2022-04-13 14:03 ` [PATCH v2 1/2] " Arek Kusztal 2022-04-13 14:03 ` [PATCH v2 2/2] cryptodev: add dh padding options Arek Kusztal 0 siblings, 2 replies; 5+ messages in thread From: Arek Kusztal @ 2022-04-13 14:03 UTC (permalink / raw) To: dev; +Cc: gakhil, roy.fan.zhang, Arek Kusztal This patchset adds verify and padding option to Cryptodev Diffie-Hellman op. Verify - obligatory in all mainstream protocols, in Cryptodev only Weierstrass Elliptic-Curve point verification was included. FFDH or curves 448/25519 verification is easy enough to be done by the user. Padding - different approach may be found in different protocols, but it is very often that protocol requires zero-byte left padding. Depends-on: patch-109409 ("cryptodev: add elliptic curve diffie hellman") Arek Kusztal (2): cryptodev: add dh verify option cryptodev: add dh padding options lib/cryptodev/rte_crypto_asym.h | 27 +++++++++++++++++++++++++++ lib/cryptodev/rte_cryptodev.c | 1 + 2 files changed, 28 insertions(+) -- 2.13.6 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2 1/2] cryptodev: add dh verify option 2022-04-13 14:03 [PATCH v2 0/2] cryptodev: add dh verify option Arek Kusztal @ 2022-04-13 14:03 ` Arek Kusztal 2022-05-16 18:50 ` [EXT] " Akhil Goyal 2022-04-13 14:03 ` [PATCH v2 2/2] cryptodev: add dh padding options Arek Kusztal 1 sibling, 1 reply; 5+ messages in thread From: Arek Kusztal @ 2022-04-13 14:03 UTC (permalink / raw) To: dev; +Cc: gakhil, roy.fan.zhang, Arek Kusztal For some elliptic curves public point in DH exchange needs to be checked, if lays on the curve. Modular exponentiation needs certain checks as well, though mathematically much easier. This commit adds verify option to asym_op operations. Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 19 +++++++++++++++++++
 lib/cryptodev/rte_cryptodev.c | 1 +
 2 files changed, 20 insertions(+)
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 5b30083f30..c4f4afa07f 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -117,6 +117,8 @@ enum rte_crypto_asym_op_type {
 /**< DH Public Key generation operation */
 RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE,
 /**< DH Shared Secret compute operation */
+ RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY,
+ /**< DH Public Key Verification */
 RTE_CRYPTO_ASYM_OP_LIST_END
 };
@@ -412,6 +414,11 @@ struct rte_crypto_dh_op_param {
 * For ECDH it is a point on the curve.
 * Output for RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE
 * Input for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE
+ * Input for RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY
+ *
+ * VERIFY option can be used only for elliptic curve
+ * point validation, for FFDH (DH) it is user's reponsability
+ * to check the public key accordingly.
 */
 union {
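Review bot: The comment added on the public-key field says VERIFY covers only elliptic-curve points, but it never states how a rejected key is reported or what a driver must do when RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY is submitted for FFDH. A caller that reads a completed op as "key validated" would then accept an unchecked FFDH key, so the contract should say the request fails rather than succeeds, for example `* A key that fails validation, or a VERIFY request for FFDH, completes with a non-success op status.` (which status value to use is for the maintainers to choose). The same comment spells `reponsability`; it should read `responsibility`. The definition of rte_crypto_dh_op_param starts and ends outside this hunk.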
@@ -424,6 +431,18 @@ struct rte_crypto_dh_op_param {
 * For ECDH it is a point on the curve.
 * Output for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE
 */
+ uint16_t flags;
+ /*
+ * Diffie-Hellman operation flags
+ * Flag | Bit pos | Description
+ *--------------------------------------------------------------------------------
+ * | | If set to 1 - verification will use all four
+ * Full verification | 0 | steps of point verification (full validation),
+ * | | otherwise three (partial validation - default).
+ *--------------------------------------------------------------------------------
+ * Reserved | 1-15 | Reserved
+ */
+
 };
 /**
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 3500a2d470..2679ef54f8 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -181,6 +181,7 @@ const char *rte_crypto_asym_op_strings[] = {
 [RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE] = "priv_key_generate",
 [RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE] = "pub_key_generate",
 [RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE] = "sharedsecret_compute",
+ [RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY] = "dh_pubkey_verify",
 };
 /**
-- 2.13.6 ^ permalink raw reply related [flat|nested] 5+ messages in thread
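Review bot: A zero-initialised `flags` leaves bit 0 clear, so callers get the weaker three-step (partial) validation unless they opt in, and the table does not name the four steps or say which one is skipped. Naming them, or citing the specification they come from, lets a caller decide whether partial validation is enough for the curve in use; presumably the omitted step is the subgroup-order check, but the hunk does not say. The text should also state that reserved bits 1-15 must be zero and are rejected otherwise, so later flags cannot be set by accident. The block is a plain `/* */` placed after the field, unlike the `/**<` member comments elsewhere in this header, so it may not appear in the generated API docs; `uint16_t flags; /**< Diffie-Hellman operation flags, see table below. */` would attach it. The struct body continues outside the hunk.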
* RE: [EXT] [PATCH v2 1/2] cryptodev: add dh verify option 2022-04-13 14:03 ` [PATCH v2 1/2] " Arek Kusztal @ 2022-05-16 18:50 ` Akhil Goyal 0 siblings, 0 replies; 5+ messages in thread From: Akhil Goyal @ 2022-05-16 18:50 UTC (permalink / raw) To: Arek Kusztal, dev; +Cc: roy.fan.zhang > For some elliptic curves public point in DH exchange > needs to be checked, if lays on the curve. > Modular exponentiation needs certain checks as well, though > mathematically much easier. > This commit adds verify option to asym_op operations. > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com> > --- > lib/cryptodev/rte_crypto_asym.h | 19 +++++++++++++++++++ > lib/cryptodev/rte_cryptodev.c | 1 + > 2 files changed, 20 insertions(+) > > diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h > index 5b30083f30..c4f4afa07f 100644 > --- a/lib/cryptodev/rte_crypto_asym.h > +++ b/lib/cryptodev/rte_crypto_asym.h > @@ -117,6 +117,8 @@ enum rte_crypto_asym_op_type { > /**< DH Public Key generation operation */ > RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE, > /**< DH Shared Secret compute operation */ > + RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY, I think RTE_CRYPTO_ASYM_OP_DH_PUB_KEY_VERIFY is a better name. > + /**< DH Public Key Verification */ > RTE_CRYPTO_ASYM_OP_LIST_END > }; > > @@ -412,6 +414,11 @@ struct rte_crypto_dh_op_param { > * For ECDH it is a point on the curve. > * Output for RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE > * Input for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE > + * Input for RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY > + * > + * VERIFY option can be used only for elliptic curve > + * point validation, for FFDH (DH) it is user's reponsability > + * to check the public key accordingly. > */ > > union { 
> @@ -424,6 +431,18 @@ struct rte_crypto_dh_op_param { > * For ECDH it is a point on the curve. > * Output for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE > */ > + uint16_t flags; > + /* > + * Diffie-Hellman operation flags > + * Flag | Bit pos | Description > + *-------------------------------------------------------------------------------- > + * | | If set to 1 - verification will use all four > + * Full verification | 0 | steps of point verification (full validation), > + * | | otherwise three (partial validation - default). > + *-------------------------------------------------------------------------------- > + * Reserved | 1-15 | Reserved > + */ Instead of adding these comments. It is better to define macros for each of the flags. Give reference of the macros in the comments here. > + > }; > > /** > diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c > index 3500a2d470..2679ef54f8 100644 > --- a/lib/cryptodev/rte_cryptodev.c > +++ b/lib/cryptodev/rte_cryptodev.c > @@ -181,6 +181,7 @@ const char *rte_crypto_asym_op_strings[] = { > [RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE] = > "priv_key_generate", > [RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE] = > "pub_key_generate", > [RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE] = > "sharedsecret_compute", > + [RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY] = "dh_pubkey_verify", > }; > > /** > -- > 2.13.6 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2 2/2] cryptodev: add dh padding options 2022-04-13 14:03 [PATCH v2 0/2] cryptodev: add dh verify option Arek Kusztal 2022-04-13 14:03 ` [PATCH v2 1/2] " Arek Kusztal @ 2022-04-13 14:03 ` Arek Kusztal 2022-05-16 18:51 ` [EXT] " Akhil Goyal 1 sibling, 1 reply; 5+ messages in thread From: Arek Kusztal @ 2022-04-13 14:03 UTC (permalink / raw) To: dev; +Cc: gakhil, roy.fan.zhang, Arek Kusztal Diffie-Hellman padding is used in certain protocols, in others, leading zero bytes need to be stripped. Even same protocol may use a different approach - most glaring example is TLS1.2 - TLS1.3. To make the user life easier, and to avoid additional copy on certain occasions, driver should be able to return both. Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index c4f4afa07f..e757663e8e 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -440,7 +440,15 @@ struct rte_crypto_dh_op_param {
 * Full verification | 0 | steps of point verification (full validation),
 * | | otherwise three (partial validation - default).
 *--------------------------------------------------------------------------------
- * Reserved | 1-15 | Reserved
+ * | | If set to 1 - public key will be returned
+ * Public key padding | 1 | without leading zero bytes, otherwise it will be
+ * | | padded to the left with zero bytes (default)
+ *--------------------------------------------------------------------------------
+ * | | If set to 1 - shared key will be returned
+ * Shared key padding | 2 | without leading zero bytes, otherwise it will be
+ * | | padded to the left with zero bytes (default)
+ *--------------------------------------------------------------------------------
+ * Reserved | 3-15 | Reserved
 */
 };
-- 2.13.6 ^ permalink raw reply related [flat|nested] 5+ messages in thread
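Review bot: Bits 1 and 2 are labelled "Public key padding" and "Shared key padding", yet setting them turns padding off, which makes it easy to request the opposite of what a protocol needs. A label that matches the set state would avoid that, e.g. `* Shared key strip | 2 | If set to 1 - leading zero bytes are removed, otherwise left-padded (default)`. With stripping enabled the returned length depends on the value of the secret, so the comment should say where the caller reads the resulting length and note that code handling the shared secret should not let that length influence timing. The comment block starts outside this hunk.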
* RE: [EXT] [PATCH v2 2/2] cryptodev: add dh padding options 2022-04-13 14:03 ` [PATCH v2 2/2] cryptodev: add dh padding options Arek Kusztal @ 2022-05-16 18:51 ` Akhil Goyal 0 siblings, 0 replies; 5+ messages in thread From: Akhil Goyal @ 2022-05-16 18:51 UTC (permalink / raw) To: Arek Kusztal, dev; +Cc: roy.fan.zhang > Diffie-Hellman padding is used in certain protocols, > in others, leading zero bytes need to be stripped. > Even same protocol may use a different approach - most > glaring example is TLS1.2 - TLS1.3. > To make the user life easier, and to avoid additional copy > on certain occasions, driver should be able to return both. > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com> > --- > lib/cryptodev/rte_crypto_asym.h | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h > index c4f4afa07f..e757663e8e 100644 > --- a/lib/cryptodev/rte_crypto_asym.h > +++ b/lib/cryptodev/rte_crypto_asym.h 
> @@ -440,7 +440,15 @@ struct rte_crypto_dh_op_param { > * Full verification | 0 | steps of point verification (full validation), > * | | otherwise three (partial validation - default). > *-------------------------------------------------------------------------------- > - * Reserved | 1-15 | Reserved > + * | | If set to 1 - public key will be returned > + * Public key padding | 1 | without leading zero bytes, otherwise it > will be > + * | | padded to the left with zero bytes (default) > + *-------------------------------------------------------------------------------- > + * | | If set to 1 - shared key will be returned > + * Shared key padding | 2 | without leading zero bytes, otherwise it > will be > + * | | padded to the left with zero bytes (default) > + *-------------------------------------------------------------------------------- > + * Reserved | 3-15 | Reserved > */ Same comment here as patch 1 of the series. Define macros. ^ permalink raw reply [flat|nested] 5+ messages in thread