cryptodev: add public key verify option

- Added key exchange public key verify option.
For some elliptic curves public point in DH exchange
needs to be checked, if it lays on the curve.
Modular exponentiation needs certain checks as well,
though mathematically much easier.
This commit adds verify option to asym_op operations.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 13f2e6aa1f87c6f98a429a06b937704d27be0b9b..7c3978b21fa21ecaa9c36cdfe2ec505de919fb3e 100644 (file)
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -130,8 +130,12 @@ enum rte_crypto_asym_ke_type {
        /**< Private Key generation operation */
        RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE,
        /**< Public Key generation operation */
-       RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
+       RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
        /**< Shared Secret compute operation */
+       RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY
+       /**< Public Key Verification - can be used for
+        * elliptic curve point validation.
+        */
 };
 
 /**
@@ -455,8 +459,9 @@ struct rte_crypto_ecdh_op_param {
         * Output - generated public key when ke_type is
         * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE.
         *
-        * Input - peer's public key when ke_type is
-        * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE.
+        * Input - peer's public key, when ke_type is one of:
+        * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
+        * RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY.
         */
        struct rte_crypto_ec_point shared_secret;
        /**<

diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c
index cc614b0f72dce23fc99918b9a84e2f47591aec7d..42f32210526d8bfc0d037ba166dbf4911365fa79 100644 (file)
--- a/lib/cryptodev/rte_cryptodev.c
+++ b/lib/cryptodev/rte_cryptodev.c
@@ -186,7 +186,8 @@ const char *rte_crypto_asym_op_strings[] = {
 const char *rte_crypto_asym_ke_strings[] = {
        [RTE_CRYPTO_ASYM_KE_PRIV_KEY_GENERATE] = "priv_key_generate",
        [RTE_CRYPTO_ASYM_KE_PUB_KEY_GENERATE] = "pub_key_generate",
-       [RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute"
+       [RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute",
+       [RTE_CRYPTO_ASYM_KE_PUB_KEY_VERIFY] = "pub_ec_key_verify"
 };
 
 /**