RE: [EXT] [PATCH 21/40] cryptodev: add public key verify option

Tue, 24 May 2022 07:59:58 -0700 


> -----Original Message-----
> From: Akhil Goyal <gak...@marvell.com>
> Sent: Tuesday, May 24, 2022 2:12 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusz...@intel.com>; dev@dpdk.org
> Cc: Anoob Joseph <ano...@marvell.com>; Zhang, Roy Fan
> <roy.fan.zh...@intel.com>
> Subject: RE: [EXT] [PATCH 21/40] cryptodev: add public key verify option
> 
> > - Added key exchange public key verify option.
> > For some elliptic curves public point in DH exchange needs to be
> > checked, if it lays on the curve.
> > Modular exponentiation needs certain checks as well, though
> > mathematically much easier.
> > This commit adds verify option to asym_op operations.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusz...@intel.com>
> > ---
> >  lib/cryptodev/rte_crypto_asym.h | 8 +++++++-
> >  1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index 09edf2ac3d..73ff9ff815 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -110,8 +110,10 @@ enum rte_crypto_asym_ke_type {
> >     /**< Private Key generation operation */
> >     RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
> >     /**< Public Key generation operation */
> > -   RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > +   RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
> >     /**< Shared Secret compute operation */
> > +   RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY
> > +   /**< Public Key Verification */
> 
> Shouldn't this be RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_VERIFY ??
[Arek] - ah, yes. Sorry for that.
> 
> >  };
> >
> >  /**
> > @@ -397,6 +399,10 @@ struct rte_crypto_dh_op_param {
> >      * For ECDH it is a point on the curve.
> >      * Output for RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE
> >      * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > +    *
> > +    * VERIFY option can be used only for elliptic curve
> > +    * point validation, for FFDH (DH) it is user's reponsibility
> > +    * to check the public key accordingly.
> 
> What is expected from the user? Please be specific.
[Arek] - Well, this depends on protocol, usually it is size check for FFDH and 
zero check for x25519/448. Not sure how much information should be provided 
here.
> Add reference to the ke_type for which this comment id valid.

> 
> >      */
> >     union {
> >             rte_crypto_uint shared_secret;
> > --
> > 2.13.6
























					Reply via email to