From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A1A3BC433F5
	for <dpdk-dev@archiver.kernel.org>; Mon, 30 May 2022 15:40:32 +0000 (UTC)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 76F8D42B89;
	Mon, 30 May 2022 17:39:53 +0200 (CEST)
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 by mails.dpdk.org (Postfix) with ESMTP id A982642B78
 for <dev@dpdk.org>; Mon, 30 May 2022 17:39:50 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1653925190; x=1685461190;
 h=from:to:cc:subject:date:message-id:in-reply-to: references;
 bh=9iWeqxK8lPJBGNSZqCbi+yqA26tMNyFJ6nXOINLDjkA=;
 b=RGaYSmyMPnBQq7pkX8Eud3LAJe9WhYBUeu9RlVgcifJkVcX1rUlNcnCV
 70RYjiy3EwlXwG85q8pz5undeUGaQTNmOW7HgZz5EajcZM+L/CXsSjj8c
 Myzb60GoqQ34XFkSQ1UQCa4jH8DCt9xv7NrAp5rIevIHXCBcAvAba4hxq
 MY/L0IMA7j3Wsg9mzzxwYiNo2hLNt8CaDLTDwwwv2kjyGEu0zbdlzdyHB
 NrLYacYkLgy7odYa78aHP/fFxgwS589bXIJSTCu9n0aJaWs6ig7D+nsvh
 U//Mzp2T7rr0cjnvaVTjZ8AvrhgI4cQn5K4zQofuUepGIRG+EssQVfLb2 g==;
X-IronPort-AV: E=McAfee;i="6400,9594,10363"; a="338069475"
X-IronPort-AV: E=Sophos;i="5.91,263,1647327600"; d="scan'208";a="338069475"
Received: from orsmga005.jf.intel.com ([10.7.209.41])
 by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 30 May 2022 08:39:50 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.91,263,1647327600"; d="scan'208";a="751678545"
Received: from silpixa00399302.ir.intel.com ([10.237.214.136])
 by orsmga005.jf.intel.com with ESMTP; 30 May 2022 08:39:49 -0700
From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, roy.fan.zhang@intel.com,
 Arek Kusztal <arkadiuszx.kusztal@intel.com>
Subject: [PATCH v3 07/12] cryptodev: add public key verify option
Date: Mon, 30 May 2022 15:31:54 +0100
Message-Id: <20220530143159.13672-8-arkadiuszx.kusztal@intel.com>
X-Mailer: git-send-email 2.13.6
In-Reply-To: <20220530143159.13672-1-arkadiuszx.kusztal@intel.com>
References: <20220530143159.13672-1-arkadiuszx.kusztal@intel.com>
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

- Added key exchange public key verify option.
For some elliptic curves public point in DH exchange
needs to be checked, if it lays on the curve.
Modular exponentiation needs certain checks as well, though
mathematically much easier.
This commit adds verify option to asym_op operations.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 11 ++++++++---
 lib/cryptodev/rte_cryptodev.c   |  3 ++-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index f61a2ddce8..ae3ca31a89 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -130,8 +130,12 @@ enum rte_crypto_asym_ke_type {
 	/**< Private Key generation operation */
 	RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE,
 	/**< Public Key generation operation */
-	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
+	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
 	/**< Shared Secret compute operation */
+	RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY
+	/**< Public Key Verification - can be used for
+	 * elliptic curve point validation.
+	 */
 };
 
 /**
@@ -455,8 +459,9 @@ struct rte_crypto_ecdh_op_param {
 	 * Output - generated public key when ke_type is
 	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE.
 	 *
-	 * Input - peer's public key when ke_type is
-	 * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
+	 * Input - peer's public key, when ke_type is one of:
+	 * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
+	 * RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY.
 	 */
 	struct rte_crypto_ec_point shared_secret;
 	/**<
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index cc614b0f72..42f3221052 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -186,7 +186,8 @@ const char *rte_crypto_asym_op_strings[] = {
 const char *rte_crypto_asym_ke_strings[] = {
 	[RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE] = "priv_key_generate",
 	[RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE] = "pub_key_generate",
-	[RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute"
+	[RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute",
+	[RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY] = "pub_ec_key_verify"
 };
 
 /**
-- 
2.13.6