[EXT] [PATCH 21/40] cryptodev: add public key verify option

Kusztal, ArkadiuszX arkadiuszx.kusztal at intel.com
Tue May 24 16:59:45 CEST 2022

Previous message (by thread): [EXT] [PATCH 21/40] cryptodev: add public key verify option
Next message (by thread): [EXT] [PATCH 21/40] cryptodev: add public key verify option
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


> -----Original Message-----
> From: Akhil Goyal <gakhil at marvell.com>
> Sent: Tuesday, May 24, 2022 2:12 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal at intel.com>; dev at dpdk.org
> Cc: Anoob Joseph <anoobj at marvell.com>; Zhang, Roy Fan
> <roy.fan.zhang at intel.com>
> Subject: RE: [EXT] [PATCH 21/40] cryptodev: add public key verify option
> 
> > - Added key exchange public key verify option.
> > For some elliptic curves public point in DH exchange needs to be
> > checked, if it lays on the curve.
> > Modular exponentiation needs certain checks as well, though
> > mathematically much easier.
> > This commit adds verify option to asym_op operations.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal at intel.com>
> > ---
> >  lib/cryptodev/rte_crypto_asym.h | 8 +++++++-
> >  1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index 09edf2ac3d..73ff9ff815 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -110,8 +110,10 @@ enum rte_crypto_asym_ke_type {
> >  	/**< Private Key generation operation */
> >  	RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE,
> >  	/**< Public Key generation operation */
> > -	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > +	RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE,
> >  	/**< Shared Secret compute operation */
> > +	RTE_CRYPTO_ASYM_OP_DH_KEY_VERIFY
> > +	/**< Public Key Verification */
> 
> Shouldn't this be RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_VERIFY ??
[Arek] - ah, yes. Sorry for that.
> 
> >  };
> >
> >  /**
> > @@ -397,6 +399,10 @@ struct rte_crypto_dh_op_param {
> >  	 * For ECDH it is a point on the curve.
> >  	 * Output for RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE
> >  	 * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > +	 *
> > +	 * VERIFY option can be used only for elliptic curve
> > +	 * point validation, for FFDH (DH) it is user's reponsibility
> > +	 * to check the public key accordingly.
> 
> What is expected from the user? Please be specific.
[Arek] - Well, this depends on protocol, usually it is size check for FFDH and zero check for x25519/448. Not sure how much information should be provided here.
> Add reference to the ke_type for which this comment id valid.

> 
> >  	 */
> >  	union {
> >  		rte_crypto_uint shared_secret;
> > --
> > 2.13.6

Previous message (by thread): [EXT] [PATCH 21/40] cryptodev: add public key verify option
Next message (by thread): [EXT] [PATCH 21/40] cryptodev: add public key verify option
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list