For some elliptic curves, the public point in a DH exchange needs to be checked to confirm that it lies on the curve. Modular exponentiation needs certain checks as well, though they are mathematically much simpler. This commit adds a verify option to asym_op operations.
Signed-off-by: Arek Kusztal <arkadiuszx.kusz...@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 19 +++++++++++++++++++
 lib/cryptodev/rte_cryptodev.c | 1 +
 2 files changed, 20 insertions(+)
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 5b30083f30..c4f4afa07f 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -117,6 +117,8 @@ enum rte_crypto_asym_op_type {
 /**< DH Public Key generation operation */
 RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE,
 /**< DH Shared Secret compute operation */
+ RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY,
+ /**< DH Public Key Verification */
 RTE_CRYPTO_ASYM_OP_LIST_END
 };
@@ -412,6 +414,11 @@ struct rte_crypto_dh_op_param {
 * For ECDH it is a point on the curve.
 * Output for RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE
 * Input for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE
+ * Input for RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY
+ *
+ * VERIFY option can be used only for elliptic curve
+ * point validation, for FFDH (DH) it is user's reponsability
+ * to check the public key accordingly.
 */
 union {
@@ -424,6 +431,18 @@ struct rte_crypto_dh_op_param {
 * For ECDH it is a point on the curve.
 * Output for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE
 */
+ uint16_t flags;
+ /*
+ * Diffie-Hellman operation flags
+ * Flag | Bit pos | Description
+ *--------------------------------------------------------------------------------
+ * | | If set to 1 - verification will use all four
+ * Full verification | 0 | steps of point verification (full validation),
+ * | | otherwise three (partial validation - default).
+ *--------------------------------------------------------------------------------
+ * Reserved | 1-15 | Reserved
+ */
+ };
 /**
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index 3500a2d470..2679ef54f8 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
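Review bot: The comment added to the public-key field in struct rte_crypto_dh_op_param restricts VERIFY to elliptic-curve points, but it does not say what a driver must do when RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY is submitted for finite-field DH, nor how a failed validation is reported to the caller. A caller that reads "operation completed" as "key is valid" would then accept an unchecked peer key, so the comment should pin both down, for example `* A PMD must fail the op, never report success, when VERIFY is requested for FFDH.` and `* An invalid point is reported through the op status.` Which status value applies is not visible in this hunk and needs to be named by the author. The struct body starts and ends outside the hunk, and `reponsability` should read `responsibility`.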
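Review bot: The flags table for `uint16_t flags` describes bit 0 as four-step "full validation" versus three-step "partial validation - default" without naming the steps or the one the default skips, so a caller cannot judge when the default is insufficient. If this mirrors the usual full/partial EC public-key validation split (an inference, the hunk does not say), the skipped step is the subgroup-order check, which matters on curves with a cofactor greater than one; the comment should state that and say when the full flag is required. The bit has no named constant and the reserved bits carry no rule, so I would add something like `#define RTE_CRYPTO_DH_FLAG_FULL_VERIFY (1 << 0) /* placeholder name */` and `* Reserved bits must be zero; ops with any of them set are rejected.` The description is also a plain `/* */` block placed after the member, whereas the enum members in this file use `/**<`, so it will likely be missing from the generated API documentation.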
@@ -181,6 +181,7 @@ const char *rte_crypto_asym_op_strings[] = {
 [RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE] = "priv_key_generate",
 [RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE] = "pub_key_generate",
 [RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE] = "sharedsecret_compute",
+ [RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY] = "dh_pubkey_verify",
 };
 /**
--
2.13.6