From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CF0D8A04FF; Tue, 24 May 2022 16:59:51 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id C06554281F; Tue, 24 May 2022 16:59:51 +0200 (CEST) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mails.dpdk.org (Postfix) with ESMTP id 052A140140 for ; Tue, 24 May 2022 16:59:49 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653404390; x=1684940390; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=6wppFJBHa7XAHIlF4lgK4XHIp4xnVVryu+VXJDHclm8=; b=YPZehLvT13qdLA+JWXuXezHnw083ATI6jqO2wfIVSQyoK089nZKx13C+ zH1jBGJrqlrggTqmZcuVq3UtMloaUNl6ymeIcrpfQgCM7uVQLNEXY3AZI pAE4ZXY47nmbfV2ZUAGNp5g8VF2If1KhzGCSvNrBzRaEVswRbzi6jjteO CXOibU9zC6zO1bFbcbvvSWtloChCleyiVkjBJeT3Ve1/iKSRFGe+frKmz GddTF3dRI7FIdYaHGA29t/DgJPaBvTkhcXoZaw2YG+WZZTKiHSKPlPO/I WEsVBU3K4RXrNm3OrD6szxgqJvtEA+lwn444UmJYP3A4o2FDGbmDBgxhl A==; X-IronPort-AV: E=McAfee;i="6400,9594,10357"; a="253426538" X-IronPort-AV: E=Sophos;i="5.91,248,1647327600"; d="scan'208";a="253426538" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 May 2022 07:59:48 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,248,1647327600"; d="scan'208";a="526436739" Received: from orsmsx604.amr.corp.intel.com ([10.22.229.17]) by orsmga003.jf.intel.com with ESMTP; 24 May 2022 07:59:47 -0700 Received: from orsmsx608.amr.corp.intel.com (10.22.229.21) by ORSMSX604.amr.corp.intel.com (10.22.229.17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Tue, 24 May 2022 07:59:47 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx608.amr.corp.intel.com (10.22.229.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Tue, 24 May 2022 07:59:47 -0700 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (104.47.57.42) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Tue, 24 May 2022 07:59:47 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aBtUJYLD0gfQMkVNBs4r3H9HZwPSio97mkFz4yHmNdvU174LCpZNQyBGOcDpucOHu+MtkuVR4sfyIx0Fm60jvQV8hzRqf54xJGYU4qQOOpvZDpVvrMMBDz3mlKnuShY6/n9fgqoz5a8wfy3I0L1/3IYE63Ds5rea4Lft8V7QW9THQZgXcFBwe5Sk8yQamQ15I6UMeBkoi7qHzoFplonC83CUWzwXOOqFIvxGEx7ueepRHu4mW7DWs+vwJNw5WTH6WrKqNe3t9GpMB7aen2FREG9HBV0Gs7tyhvbS0eyHudbjQoAvDkZjSxrE7w1QMBItexIh9FfqW8gUfEOA7qIhlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=sJ33QrIgJMuAweP9MN0oqPraQ7lIu/A5od9GzSDNSzo=; b=W4yCOWpi4v0HngReLOalrlxQcdZLPhgTS8to8f7fINCCarhmBRyB9pY5/4njj9E2ml+43rMG6z3mnw9F+Lc/m1efLHeW68gHNQ0jK3nueyOBceWkNr94u30gkWdT+krVRS2H5u5a7ln5Dfwh+otdzp5ZQWxg+8gwa1yHL6tnJHv+hwKQPn33ZCKoLWAhJdZ06Bh3TYmjbEn6TP/JPjEU+3MOFc0TcsOGrCcWQVJL0sGkCWgsLGmIclcyd7pfxB4luDEjRzKSv0NmSqvt/GAG/r5KJu1Aerc6ayYV0sjjVEjBLWY7CnV2TvYf67f3WVxzHr1P7M27o57jQxSOMxdg1A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from CO1PR11MB5009.namprd11.prod.outlook.com (2603:10b6:303:9e::11) by PH7PR11MB5861.namprd11.prod.outlook.com (2603:10b6:510:133::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5273.22; Tue, 24 May 2022 14:59:45 +0000 Received: from CO1PR11MB5009.namprd11.prod.outlook.com ([fe80::f538:5980:ef0d:b634]) by CO1PR11MB5009.namprd11.prod.outlook.com ([fe80::f538:5980:ef0d:b634%6]) with mapi id 15.20.5273.023; Tue, 24 May 2022 14:59:45 +0000 From: "Kusztal, ArkadiuszX" To: Akhil Goyal , "dev@dpdk.org" CC: Anoob Joseph , "Zhang, Roy Fan" Subject: RE: [EXT] [PATCH 21/40] cryptodev: add public key verify option Thread-Topic: [EXT] [PATCH 21/40] cryptodev: add public key verify option Thread-Index: AQHYbBe3jZkOfB7ZGUOnF6pEOyCAaa0t9t4AgAAtwMA= Date: Tue, 24 May 2022 14:59:45 +0000 Message-ID: References: <20220520055445.40063-1-arkadiuszx.kusztal@intel.com> <20220520055445.40063-22-arkadiuszx.kusztal@intel.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.6.500.17 dlp-product: dlpe-windows authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4540f77c-2c22-4bf9-ab27-08da3d960a5a x-ms-traffictypediagnostic: PH7PR11MB5861:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: m1t1TxhtWXugZvyGlpi59lXrCJKs6c4K0nJlT5br7SbsYEnsszKibIqjwwTkn1s6pM6fPpE2Q59n5w7g9CCsgPcbCGKVSOnuOy6c3q/Fr39B/T8hOZGXEdu8jIADD0ptpVEMaV+biGCb+sdU7qlquvDZbS7yWnK8daXkvsQpe527404Sq84F9eWs0kU8LtRyjQwFZjh1HQSWKhFNkDQWb05ajJUd1J+aY7zkeM2cULHcBh2dSsWH65xTFaW6sLVPnSZr9i4XNz/z3Lv5MBBqzkMHy0qNOIc6MzmqebbV3h7IIL9mnyxZuNL/OTzlvu7WP5HV9shOumgXUDrH6v0Y246HrHMjvZSoBultiwBsl9B5/pVTANoikJz0Oegc+coSgb5eYKCm1GZdp1ZNiV0l15qAEmLUvJhLZJ7vazi/1CQxBn20DOcoPnMkebn9QSgOV4gqjDu2ee1hNl/nabDXt2jjjaGdFl5L+48391Pl1d+gVwdvLi0E2ElkAQbKLXXuZW6KorEE1nK9anvVdfTQLOxVUevt8xrH4JpyDDJO6rYE6TMIKVQyGo8xV6rmEZ8JK1GBh8HJAAvyqJ//Vvv9ws20dFXMDspXsW2m2mzjiHic3fXqOHbbnPvHR+0I4AUSKYa90IJwqaZG7L5T1BR8xe+Yv/cBy7wC4j8BVElUKEM9o433rq1GH0ShctZFSHYkWMKX7pG3Il+GTegNjCElXQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO1PR11MB5009.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(316002)(5660300002)(38100700002)(82960400001)(122000001)(54906003)(110136005)(107886003)(53546011)(8936002)(64756008)(66476007)(4326008)(66446008)(76116006)(8676002)(66556008)(66946007)(86362001)(6506007)(33656002)(26005)(38070700005)(9686003)(55016003)(15650500001)(83380400001)(7696005)(71200400001)(2906002)(508600001)(186003)(52536014); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?9e/B/jNRqSGhdbtXC9MOOPVtA0Ck4uNbKscOGvO5r5IpZSjJylXqems6Vd9u?= =?us-ascii?Q?22Psk+bFcFTMmiuvdMDsWDwZ5KjsQlb0iFtk1AshFZdBECpe6YWkx0ElrGDN?= =?us-ascii?Q?c9oJY2xwhcoKCJ9x5UhOInsXbccLMt5gk8Ydt6KuOT7nii0URqOXQkNNciFU?= =?us-ascii?Q?R81waRCFHUwFfK/U6v7vDPFTnWUbYCDMgk8x2QN2vmyF/teKTOfwLIMQvxsr?= =?us-ascii?Q?N44gR1pL2pWNrY8eE5NslGrp+IgXGVTH8+9bwpM7Dj4ApkX7ssmw2DW0P2y1?= =?us-ascii?Q?vipXqkBqAR8lu0g1x9zw5iuxhBbjS3SLtTJjxObbbIdudZdvBhyVCxljwB6P?= =?us-ascii?Q?BHwEQgNJHilblK7n3gH1wW1tJrnaGGGWrjK0EmlQCjrmtxLvwg5g91ZWnLz6?= =?us-ascii?Q?qvOs2oZJievwSMQ2pQZi1bCZBbvtbdxrhIlvbDRHJMRch4vYAqp8f7UkQSbf?= =?us-ascii?Q?YPJ7Ge/XMcqXgKbTy+yrAETou9xo9ht5QW+2bpiYj1AJ2qriSXsRcq+1qyaE?= =?us-ascii?Q?cfzHQyTPPcOv9xDK6TI0s2Mj5+oWnP9d/xIkG0iDgr6ehZ8WIyrrLdcJtyr9?= =?us-ascii?Q?zLB65McaShImfxUQLYu5c6QY4lO+UrGnThOtOnx81vxkY8b5e93t3ieAvt0Z?= =?us-ascii?Q?DbCsX3HeJ6vQ97Kog5IlS2wkKr9usO8ObWnkxBlVyEw/JCjAqCruxzOe5T6b?= =?us-ascii?Q?6k6wuOQR7h83U7+4QKYejIuU6r9XyTdgO2kZnaaDL20JpZD0fBEPWVzCDKLE?= =?us-ascii?Q?fqCPyxbB+NbvK6GxB02XOfiWy+bju45QLzmtGLacaq7FF4uM6kLeC2DplLEl?= =?us-ascii?Q?VaJFSfkW1VikjOAJ4oHEUcRetcNkA5+OsSL7F96rzpMhPoQ2KxgxK86BHlws?= =?us-ascii?Q?K4sMhSNXaq6ypkVvH9Hid+fI31ebOtEnPIxa+1g0TN87buZU6amFYBN8V9gJ?= =?us-ascii?Q?o5Y73TGSeDMearHKO4fYdgGO1H2++EwCsFufD2CGXFu1f9FOjhPXpNV3mRN4?= =?us-ascii?Q?jRyPjuK5zz0/tHQJw3QEwgGpgiFlC+x5QIpuRA7z6JHr54Zp3Sn50XBSEGMy?= =?us-ascii?Q?UA5ZGyRIW/e2PR331AKT5W2TMs+2OS+xtEvxsRk4WohNl0jX+4IiYAqJK6mE?= =?us-ascii?Q?a3pQ1Z6tXGilNNuX0nIRhO0GIXUluPy7gR+JC7G6Ptd/idaN2Ap6xFXprabY?= =?us-ascii?Q?YjaRicMWEpMPW2qZ2nAUWphSideIsI/wkbj4szR4r7tm6vOgYQbMRQ1R/owp?= =?us-ascii?Q?Y4nG9N8DsoGGBLD+QV0qLTS7RHDzZbj5D3EsQrFfPhlgqCj+qsmayfbM7iQK?= =?us-ascii?Q?93Lxx39QszKiwpehxkdZEPThvtqxExR3u1A31w+0/STM1pmiX4XqL0TLNMW+?= =?us-ascii?Q?THRrt18TMnWLwyF+09uol1OvgYzMq7GeUtyqyI529u534EU8tTdJPmG62a6u?= =?us-ascii?Q?+ckwWMK6UgIfNq4tDU68rJg6mY6XnfiWD3pQMC7g0OdDUngvH/37jwChypTN?= =?us-ascii?Q?5AYU08qqYT9r9SBiVPw1XOK5N7g7jpQpg3/8mCS34F+dlJhEcTOaoenG8QsO?= =?us-ascii?Q?ePZx2MCoB+oKwMcD7z93lupsuI+oIQzPaPQhgk15Q9DcTlCxA82+2du7CEPX?= =?us-ascii?Q?dulGII/a/c4B/WRDDkVqf1Vaj/Mh8wCwLrbXn1uL5BbF2Np2l2CWheIvx1AB?= =?us-ascii?Q?9he94dPiQ1GgC+5QZ747HQ3yjG6x28v/n2+p/rXYjv6IF2i9VXw8E3AYHH+u?= =?us-ascii?Q?8dEDQbxp2uZmL1LupGS4qY5ZGlaFhUU=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB5009.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4540f77c-2c22-4bf9-ab27-08da3d960a5a X-MS-Exchange-CrossTenant-originalarrivaltime: 24 May 2022 14:59:45.3980 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 3iP2gIoAgTrX2TPr+2bTz2zTZhhCLkImMey3abEqV57Q2MdDb23iPyl/L1DbvNI0cXpybUV89WXRvFtnN4V4FLhg/D2WXr6ybVGRDd6GBDA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB5861 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org > -----Original Message----- > From: Akhil Goyal > Sent: Tuesday, May 24, 2022 2:12 PM > To: Kusztal, ArkadiuszX ; dev@dpdk.org > Cc: Anoob Joseph ; Zhang, Roy Fan > > Subject: RE: [EXT] [PATCH 21/40] cryptodev: add public key verify option >=20 > > - Added key exchange public key verify option. > > For some elliptic curves public point in DH exchange needs to be > > checked, if it lays on the curve. > > Modular exponentiation needs certain checks as well, though > > mathematically much easier. > > This commit adds verify option to asym_op operations. > > > > Signed-off-by: Arek Kusztal > > --- > > lib/cryptodev/rte_crypto_asym.h | 8 +++++++- > > 1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/lib/cryptodev/rte_crypto_asym.h > > b/lib/cryptodev/rte_crypto_asym.h index 09edf2ac3d..73ff9ff815 100644 > > --- a/lib/cryptodev/rte_crypto_asym.h > > +++ b/lib/cryptodev/rte_crypto_asym.h > > @@ -110,8 +110,10 @@ enum rte_crypto_asym_ke_type { > > /**< Private Key generation operation */ > > RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, > > /**< Public Key generation operation */ > > - RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE > > + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE, > > /**< Shared Secret compute operation */ > > + RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY > > + /**< Public Key Verification */ >=20 > Shouldn't this be RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_VERIFY ?? [Arek] - ah, yes. Sorry for that. >=20 > > }; > > > > /** > > @@ -397,6 +399,10 @@ struct rte_crypto_dh_op_param { > > * For ECDH it is a point on the curve. > > * Output for RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE > > * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE > > + * > > + * VERIFY option can be used only for elliptic curve > > + * point validation, for FFDH (DH) it is user's reponsibility > > + * to check the public key accordingly. >=20 > What is expected from the user? Please be specific. [Arek] - Well, this depends on protocol, usually it is size check for FFDH = and zero check for x25519/448. Not sure how much information should be prov= ided here. > Add reference to the ke_type for which this comment id valid. >=20 > > */ > > union { > > rte_crypto_uint shared_secret; > > -- > > 2.13.6