- Added key exchange public key verify option.
For some elliptic curves public point in DH exchange
needs to be checked, if it lays on the curve.
Modular exponentiation needs certain checks as well, though
mathematically much easier.
This commit adds verify option to asym_op operations.
Signed-off-by: Arek Kusztal <arkadiuszx.kusz...@intel.com>
---
lib/cryptodev/rte_crypto_asym.h | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 09edf2ac3d..73ff9ff815 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -110,8 +110,10 @@ enum rte_crypto_asym_ke_type {
/**< Private Key generation operation */
RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
/**< Public Key generation operation */
- RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
+ RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
/**< Shared Secret compute operation */
+ RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY
+ /**< Public Key Verification */
};
/**
@@ -397,6 +399,10 @@ struct rte_crypto_dh_op_param {
* For ECDH it is a point on the curve.
* Output for RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE
* Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
+ *
+ * VERIFY option can be used only for elliptic curve
+ * point validation, for FFDH (DH) it is user's reponsibility
+ * to check the public key accordingly.
*/
union {
rte_crypto_uint shared_secret;
--
2.13.6
