From patchwork Wed May 25 15:53:18 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
X-Patchwork-Id: 111832
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id A0400A0555;
	Wed, 25 May 2022 19:04:16 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id F18BF427F3;
	Wed, 25 May 2022 19:04:14 +0200 (CEST)
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by mails.dpdk.org (Postfix) with ESMTP id 38512427F0
 for <dev@dpdk.org>; Wed, 25 May 2022 19:04:13 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1653498253; x=1685034253;
 h=from:to:cc:subject:date:message-id:in-reply-to: references;
 bh=ubCwdFNUCU8GLV2Clz1j1YjWgs6YMm9udHisw2OYLx0=;
 b=InRQmFYx2SSwMrLrq/JyoJAkcLmsC3798PgB914kN8v5Z4Z6x5J/jzVA
 41jKR4jrRyanaJEXWUyiTS4q9CEPsjcjoJRdNs1TD19dftkXOs8z2NMRo
 cVqYyIpvfQZecJn/fid82KWfX0jTSa9uHISFdqgJJJpzZzdpzw9FqSsRr
 OZGZy5LRRlMh/BmL49WIAm9pU2UX6WzoVqmNS5YapU7yyzMqpzAaOyXpB
 Th6Cu+KZjepCW/eEd6RTSmR3SX+ivxjsrk3+eFaUkBBPuMOQXojn9kVXp
 eEwe7+9DG3DKXVQk6FZrTScpNIGLPXsbAFqq4BTf3ZPyPLaCkhjw9acZg Q==;
X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596388"
X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596388"
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
 by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 25 May 2022 10:01:22 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502375"
Received: from silpixa00399302.ir.intel.com ([10.237.214.136])
 by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:21 -0700
From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, roy.fan.zhang@intel.com,
 Arek Kusztal <arkadiuszx.kusztal@intel.com>
Subject: [PATCH v2 08/14] cryptodev: add public key verify option
Date: Wed, 25 May 2022 16:53:18 +0100
Message-Id: <20220525155324.9288-9-arkadiuszx.kusztal@intel.com>
X-Mailer: git-send-email 2.13.6
In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com>
References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com>
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

- Added key exchange public key verify option.
For some elliptic curves public point in DH exchange
needs to be checked, if it lays on the curve.
Modular exponentiation needs certain checks as well, though
mathematically much easier.
This commit adds verify option to asym_op operations.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 9 ++++++---
 lib/cryptodev/rte_cryptodev.c   | 3 ++-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 0dab7c0593..3eafaecbbe 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -141,8 +141,10 @@ enum rte_crypto_asym_ke_type {
 	/**< Private Key generation operation */
 	RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
 	/**< Public Key generation operation */
-	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
+	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
 	/**< Shared Secret compute operation */
+	RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY,
+	/**< Public Key Verification */
 };
 
 /**
@@ -434,8 +436,9 @@ struct rte_crypto_ecdh_op_param {
 	 * Output - generated public key, when xform type is
 	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE.
 	 *
-	 * Input - peer's public key, when xform type is
-	 * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
+	 * Input - peer's public key, when xform type is one of:
+	 * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
+	 * RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY.
 	 */
 	struct rte_crypto_ec_point shared_secret;
 	/**<
diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index af58f49d07..57ee6b3f07 100644
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -185,7 +185,8 @@ const char *rte_crypto_asym_op_strings[] = {
 const char *rte_crypto_asym_ke_strings[] = {
 	[RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE] = "priv_key_generate",
 	[RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE] = "pub_key_generate",
-	[RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute"
+	[RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute",
+	[RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY] = "pub_ec_key_verify"
 };
 
 /**