> For some elliptic curves public point in DH exchange
> needs to be checked, if lays on the curve.
> Modular exponentiation needs certain checks as well, though
> mathematically much easier.
> This commit adds verify option to asym_op operations.
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusz...@intel.com>
> ---
> lib/cryptodev/rte_crypto_asym.h | 19 +++++++++++++++++++
> lib/cryptodev/rte_cryptodev.c | 1 +
> 2 files changed, 20 insertions(+)
>
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 5b30083f30..c4f4afa07f 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -117,6 +117,8 @@ enum rte_crypto_asym_op_type {
> /**< DH Public Key generation operation */
> RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE,
> /**< DH Shared Secret compute operation */
> + RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY,
I think RTE_CRYPTO_ASYM_OP_DH_PUB_KEY_VERIFY is a better name.
> + /**< DH Public Key Verification */
> RTE_CRYPTO_ASYM_OP_LIST_END
> };
>
> @@ -412,6 +414,11 @@ struct rte_crypto_dh_op_param {
> * For ECDH it is a point on the curve.
> * Output for RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE
> * Input for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE
> + * Input for RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY
> + *
> + * VERIFY option can be used only for elliptic curve
> + * point validation, for FFDH (DH) it is user's reponsability
> + * to check the public key accordingly.
> */
>
> union {
> @@ -424,6 +431,18 @@ struct rte_crypto_dh_op_param {
> * For ECDH it is a point on the curve.
> * Output for RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE
> */
> + uint16_t flags;
> + /*
> + * Diffie-Hellman operation flags
> + * Flag | Bit pos | Description
> +
> *--------------------------------------------------------------------------------
> + * | | If set to 1 - verification will use
> all four
> + * Full verification | 0 | steps of point verification (full
> validation),
> + * | | otherwise three (partial validation
> - default).
> +
> *--------------------------------------------------------------------------------
> + * Reserved | 1-15 | Reserved
> + */
Instead of adding these comments. It is better to define macros for each of the
flags.
Give reference of the macros in the comments here.
> +
> };
>
> /**
> diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
> index 3500a2d470..2679ef54f8 100644
> --- a/lib/cryptodev/rte_cryptodev.c
> +++ b/lib/cryptodev/rte_cryptodev.c
> @@ -181,6 +181,7 @@ const char *rte_crypto_asym_op_strings[] = {
> [RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE] =
> "priv_key_generate",
> [RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE] =
> "pub_key_generate",
> [RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE] =
> "sharedsecret_compute",
> + [RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY] = "dh_pubkey_verify",
> };
>
> /**
> --
> 2.13.6
