cryptodev: move DH type from xform to DH op
authorArek Kusztal <arkadiuszx.kusztal@intel.com>
Wed, 1 Jun 2022 09:02:42 +0000 (10:02 +0100)
committerAkhil Goyal <gakhil@marvell.com>
Wed, 1 Jun 2022 17:10:54 +0000 (19:10 +0200)
- Moved DH operation type to DH operation struct.
The operation type (PUBLIC_KEY_GENERATION, SHARED_SECRET) should
be selectable per operation. One xform/session should be enough
to perform both DH operations; if op_type were an xform member,
a session would have to be created twice for the same group.
A similar problem would be observed in the sessionless case.
Additionally, it will help extend DH to support Elliptic Curves.
- Changed order of Diffie-Hellman operation phases.
Now it corresponds with the order of operations.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
app/test/test_cryptodev_asym.c
drivers/crypto/openssl/rte_openssl_pmd.c
drivers/crypto/openssl/rte_openssl_pmd_ops.c
lib/cryptodev/rte_crypto_asym.h

index 491ba2c1b93aea2fb00aade243237988dea3ca9b..9d044c65b2487f40d963309265ce8b38c996268c 100644 (file)
@@ -1067,8 +1067,8 @@ test_dh_gen_shared_sec(struct rte_crypto_asym_xform *xfrm)
        asym_op = op->asym;
 
        /* Setup a xform and op to generate private key only */
-       xform.dh.ke_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
        xform.next = NULL;
+       asym_op->dh.ke_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE;
        asym_op->dh.priv_key.data = dh_test_params.priv_key.data;
        asym_op->dh.priv_key.length = dh_test_params.priv_key.length;
        asym_op->dh.pub_key.data = (uint8_t *)peer;
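Review bot: The comment directly above the changed lines still reads "generate private key only", but this op is now configured with `RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE` and is given the test private key and the peer public key as inputs. Since the neighbouring lines are being rewritten anyway, I would change it to `/* Setup a xform and op to compute the shared secret */`. test_dh_gen_shared_sec starts and ends outside this hunk.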
@@ -1149,8 +1149,8 @@ test_dh_gen_priv_key(struct rte_crypto_asym_xform *xfrm)
        asym_op = op->asym;
 
        /* Setup a xform and op to generate private key only */
-       xform.dh.ke_type = RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE;
        xform.next = NULL;
+       asym_op->dh.ke_type = RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE;
        asym_op->dh.priv_key.data = output;
        asym_op->dh.priv_key.length = sizeof(output);
 
@@ -1232,9 +1232,9 @@ test_dh_gen_pub_key(struct rte_crypto_asym_xform *xfrm)
         * using test private key
         *
         */
-       xform.dh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
        xform.next = NULL;
 
+       asym_op->dh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
        asym_op->dh.pub_key.data = output;
        asym_op->dh.pub_key.length = sizeof(output);
        /* load pre-defined private key */
@@ -1323,15 +1323,14 @@ test_dh_gen_kp(struct rte_crypto_asym_xform *xfrm)
         * private key first followed by
         * public key
         */
-       xform.dh.ke_type = RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE;
        pub_key_xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH;
-       pub_key_xform.dh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
        xform.next = &pub_key_xform;
 
+       asym_op->dh.ke_type = RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE;
        asym_op->dh.pub_key.data = out_pub_key;
        asym_op->dh.pub_key.length = sizeof(out_pub_key);
        asym_op->dh.priv_key.data = out_prv_key;
-       asym_op->dh.priv_key.length = sizeof(out_prv_key);
+       asym_op->dh.priv_key.length = 0;
 
        ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess);
        if (ret < 0) {
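Review bot: `pub_key_xform` is still filled in and chained through `xform.next = &pub_key_xform;`, although the xform no longer carries a `ke_type` and the session setup in rte_openssl_pmd_ops.c drops its inspection of `xform->next` in this same commit, so the chain appears to have no effect for this PMD. I would remove the `pub_key_xform.xform_type` assignment and use `xform.next = NULL;` as the other three tests do. Separately, `priv_key.data` still points at `out_prv_key` while `priv_key.length` is 0; if the rest of the test prints or checks `out_prv_key`, it is probably reading an untouched buffer, because the driver's private-key write-back is guarded by `RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE`. The function body continues outside the hunk.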
index 1a2bb0c34efc7a882799b676b7196086b5eaa9f4..8270b01517b94ffc4040c3e7ad6dd70f6aec8a63 100644 (file)
@@ -1694,12 +1694,12 @@ process_openssl_dh_op(struct rte_crypto_op *cop,
                struct openssl_asym_session *sess)
 {
        struct rte_crypto_dh_op_param *op = &cop->asym->dh;
+       struct rte_crypto_asym_op *asym_op = cop->asym;
        DH *dh_key = sess->u.dh.dh_key;
        BIGNUM *priv_key = NULL;
        int ret = 0;
 
-       if (sess->u.dh.key_op &
-                       (1 << RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE)) {
+       if (asym_op->dh.ke_type == RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE) {
                /* compute shared secret using peer public key
                 * and current private key
                 * shared secret = peer_key ^ priv_key mod p
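Review bot: `ke_type` is now read from each op rather than fixed when the session is configured, and the `if` chain in process_openssl_dh_op has no branch for a value outside the three it tests, so an op carrying an unexpected `ke_type` is not visibly rejected. From the hunks shown, such an op would skip every output branch; whether it still reaches key generation and returns success cannot be seen here. I would add a guard at the top, `if (op->ke_type != RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE && op->ke_type != RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE && op->ke_type != RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE)`, that takes the function's existing error path. The new `asym_op` local is also redundant, since `op` already points at `cop->asym->dh`; `op->ke_type` would do here and in the three later hunks of this function.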
@@ -1755,10 +1755,8 @@ process_openssl_dh_op(struct rte_crypto_op *cop,
         * if user provides private key,
         * then first set DH with user provided private key
         */
-       if ((sess->u.dh.key_op &
-                       (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE)) &&
-                       !(sess->u.dh.key_op &
-                       (1 << RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE))) {
+       if (asym_op->dh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE &&
+                       op->priv_key.length) {
                /* generate public key using user-provided private key
                 * pub_key = g ^ priv_key mod p
                 */
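Review bot: The private key handled in this branch is applied to `dh_key`, which is `sess->u.dh.dh_key`, so per-op key material ends up in an object owned by the session, while the commit message now encourages one session to serve both operation types. If the code after this hunk sets the key on that object (the comment above says "set DH with user provided private key"), the key stays there for later ops on the same session, and two ops processed concurrently on one session would race on it. I would at least document that, e.g. `/* dh_key belongs to the session: the private key set here persists for later ops, and the session must not be used concurrently */`, or work on a per-op copy of the DH object. The branch body continues past the hunk.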
@@ -1792,7 +1790,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop,
                return 0;
        }
 
-       if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE)) {
+       if (asym_op->dh.ke_type == RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE) {
                const BIGNUM *pub_key = NULL;
 
                OPENSSL_LOG(DEBUG, "%s:%d update public key\n",
@@ -1806,8 +1804,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop,
                                op->pub_key.data);
        }
 
-       if (sess->u.dh.key_op &
-                       (1 << RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE)) {
+       if (asym_op->dh.ke_type == RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE) {
                const BIGNUM *priv_key = NULL;
 
                OPENSSL_LOG(DEBUG, "%s:%d updated priv key\n",
index 182111424d16a53c4c2fa0fba3a4b553af12d30f..7d0da52a3393454fa793cf04c65baedc065c8e41 100644 (file)
@@ -1001,33 +1001,6 @@ err_rsa:
                        DH_free(dh);
                        goto err_dh;
                }
-
-               /*
-                * setup xfrom for
-                * public key generate, or
-                * DH Priv key generate, or both
-                * public and private key generate
-                */
-               asym_session->u.dh.key_op = (1 << xform->dh.ke_type);
-
-               if (xform->dh.ke_type ==
-                       RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE) {
-                       /* check if next is pubkey */
-                       if ((xform->next != NULL) &&
-                               (xform->next->xform_type ==
-                               RTE_CRYPTO_ASYM_XFORM_DH) &&
-                               (xform->next->dh.ke_type ==
-                               RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE)
-                               ) {
-                               /*
-                                * setup op as pub/priv key
-                                * pair generationi
-                                */
-                               asym_session->u.dh.key_op |=
-                               (1 <<
-                               RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE);
-                       }
-               }
                asym_session->u.dh.dh_key = dh;
                asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH;
                break;
index ecf4e376b5e4dbd318d03d9638a4b457691884d7..15dc657098a7b1cf6b6520ba13572adf0054567a 100644 (file)
@@ -270,8 +270,6 @@ struct rte_crypto_modinv_xform {
  *
  */
 struct rte_crypto_dh_xform {
-       enum rte_crypto_asym_ke_type ke_type;
-       /**< Setup xform for key generate or shared secret compute */
        rte_crypto_uint p;
        /**< Prime modulus data */
        rte_crypto_uint g;
@@ -399,33 +397,33 @@ struct rte_crypto_rsa_op_param {
  * @note:
  */
 struct rte_crypto_dh_op_param {
-       rte_crypto_uint pub_key;
-       /**<
-        * Output - generated public key, when dh xform ke_type is
-        * RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE.
-        *
-        * Input - peer's public key, when dh xform ke_type is
-        * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
-        */
-
+       enum rte_crypto_asym_ke_type ke_type;
+       /**< Key exchange operation type */
        rte_crypto_uint priv_key;
        /**<
-        * Output - generated private key, when dh xform ke_type is
+        * Output - generated private key when ke_type is
         * RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE.
         *
-        * Input - private key, when dh xform ke_type is one of:
+        * Input - private key when ke_type is one of:
         * RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE,
         * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
         *
-        * In case priv_key.length is 0 and xform type is set with
+        * In case priv_key.length is 0 and ke_type is set with
         * RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE, CSRNG capable
         * device will generate a private key and use it for public
         * key generation.
         */
-
+       rte_crypto_uint pub_key;
+       /**<
+        * Output - generated public key when ke_type is
+        * RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE.
+        *
+        * Input - peer's public key when ke_type is
+        * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
+        */
        rte_crypto_uint shared_secret;
        /**<
-        * Output - calculated shared secret when dh xform ke_type is
+        * Output - calculated shared secret when ke_type is
         * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
         */
 };
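Review bot: The `priv_key` comment does not say what happens to the private key the device generates when `priv_key.length` is 0 with `RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE`. In the OpenSSL PMD hunks of this commit the private-key write-back is taken only for `RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE`, so the caller apparently never receives that key and it lives on only inside the session. Once the intended contract is confirmed, I would add a sentence such as `The generated private key is not written to priv_key.data; it is retained by the device/session for a following shared secret computation.` It would also help to state here what a PMD must do with a `ke_type` value it does not support, now that the field is set per operation.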