> - Added key exchange public key verify option.
> For some elliptic curves public point in DH exchange
> needs to be checked, if it lays on the curve.
> Modular exponentiation needs certain checks as well, though
> mathematically much easier.
> This commit adds verify option to asym_op operations.
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusz...@intel.com>
> ---
> lib/cryptodev/rte_crypto_asym.h | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 09edf2ac3d..73ff9ff815 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -110,8 +110,10 @@ enum rte_crypto_asym_ke_type {
> /**< Private Key generation operation */
> RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
> /**< Public Key generation operation */
> - RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
> /**< Shared Secret compute operation */
> + RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY
> + /**< Public Key Verification */
Shouldn't this be RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_VERIFY ??
> };
>
> /**
> @@ -397,6 +399,10 @@ struct rte_crypto_dh_op_param {
> * For ECDH it is a point on the curve.
> * Output for RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE
> * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> + *
> + * VERIFY option can be used only for elliptic curve
> + * point validation, for FFDH (DH) it is user's reponsibility
> + * to check the public key accordingly.
What is expected from the user? Please be specific.
Add reference to the ke_type for which this comment id valid.
> */
> union {
> rte_crypto_uint shared_secret;
> --
> 2.13.6
