DPDK-dev Archive on lore.kernel.org
* [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto
@ 2019-07-18 16:09 Arek Kusztal
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 1/7] cryptodev: change RSA API comments about primes Arek Kusztal
                   ` (7 more replies)
  0 siblings, 8 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal

Removed patches that were not acked by Shally.
So open things:
1. Creating padding struct.
2. Padding parameters (seedlen, optional label etc).
3. Leading zeroes questions.
4. Random number requirements.
5. Capabilities.
6. Verify signature field when none padding.
7. Padding none.
8. Signature input format.

Arek Kusztal (7):
  cryptodev: change RSA API comments about primes
  cryptodev: add cipher field to RSA op
  crypto/openssl: add cipher field to openssl RSA implementation
  test: add cipher field to RSA test
  cryptodev: remove RSA PKCS1 BT0 padding
  openssl: remove RSA PKCS1_5 BT0 padding
  test: remove RSA PKCS1_5 BT0 padding from test cases

 app/test/test_cryptodev_asym.c           | 13 ++++---
 drivers/crypto/openssl/rte_openssl_pmd.c | 12 +++----
 lib/librte_cryptodev/rte_crypto_asym.h   | 61 +++++++++++++++++++++-----------
 3 files changed, 55 insertions(+), 31 deletions(-)

-- 
2.1.0



* [dpdk-dev] [PATCH v5 1/7] cryptodev: change RSA API comments about primes
  2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 2/7] cryptodev: add cipher field to RSA op Arek Kusztal
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal

RSA modulus cannot be prime as its security depends on the problem
of integer factorization.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/librte_cryptodev/rte_crypto_asym.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index 8672f21..02ec304 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -199,8 +199,8 @@ struct rte_crypto_rsa_priv_key_qt {
  */
 struct rte_crypto_rsa_xform {
 	rte_crypto_param n;
-	/**< n - Prime modulus
-	 * Prime modulus data of RSA operation in Octet-string network
+	/**< n - Modulus
+	 * Modulus data of RSA operation in Octet-string network
 	 * byte order format.
 	 */
 
@@ -409,7 +409,7 @@ struct rte_crypto_rsa_op_param {
 	 * over-written with generated signature.
 	 *
 	 * Length of the signature data will be equal to the
-	 * RSA prime modulus length.
+	 * RSA modulus length.
 	 */
 
 	enum rte_crypto_rsa_padding_type pad;
-- 
2.1.0



* [dpdk-dev] [PATCH v5 2/7] cryptodev: add cipher field to RSA op
  2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 1/7] cryptodev: change RSA API comments about primes Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
  2019-07-19  4:42   ` [dpdk-dev] [EXT] " Shally Verma
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 3/7] crypto/openssl: add cipher field to openssl RSA implementation Arek Kusztal
                   ` (5 subsequent siblings)
  7 siblings, 1 reply; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal

The asymmetric nature of the RSA algorithm suggests using an
additional field for output. In-place operations
can still be done by setting the cipher and message pointers
to the same memory address.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/librte_cryptodev/rte_crypto_asym.h | 43 ++++++++++++++++++++++++++++------
 1 file changed, 36 insertions(+), 7 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index 02ec304..1d4ec80 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -395,21 +395,50 @@ struct rte_crypto_rsa_op_param {
 
 	rte_crypto_param message;
 	/**<
-	 * Pointer to data
+	 * Pointer to input data
 	 * - to be encrypted for RSA public encrypt.
-	 * - to be decrypted for RSA private decrypt.
 	 * - to be signed for RSA sign generation.
 	 * - to be authenticated for RSA sign verification.
+	 *
+	 * Pointer to output data
+	 * - for RSA private decrypt.
+	 * In this case the underlying array should have been
+	 * allocated with enough memory to hold plaintext output
+	 * (i.e. must be at least RSA key size). The message.length
+	 * field should be 0 and will be overwritten by the PMD
+	 * with the decrypted length.
+	 *
+	 * All data is in Octet-string network byte order format.
+	 */
+
+	rte_crypto_param cipher;
+	/**<
+	 * Pointer to input data
+	 * - to be decrypted for RSA private decrypt.
+	 *
+	 * Pointer to output data
+	 * - for RSA public encrypt.
+	 * In this case the underlying array should have been allocated
+	 * with enough memory to hold ciphertext output (i.e. must be
+	 * at least RSA key size). The cipher.length field should
+	 * be 0 and will be overwritten by the PMD with the encrypted length.
+	 *
+	 * All data is in Octet-string network byte order format.
 	 */
 
 	rte_crypto_param sign;
 	/**<
-	 * Pointer to RSA signature data. If operation is RSA
-	 * sign @ref RTE_CRYPTO_ASYM_OP_SIGN, buffer will be
-	 * over-written with generated signature.
+	 * Pointer to input data
+	 * - to be verified for RSA public decrypt.
+	 *
+	 * Pointer to output data
+	 * - for RSA private encrypt.
+	 * In this case the underlying array should have been allocated
+	 * with enough memory to hold signature output (i.e. must be
+	 * at least RSA key size). The sign.length field should
+	 * be 0 and will be overwritten by the PMD with the signature length.
 	 *
-	 * Length of the signature data will be equal to the
-	 * RSA modulus length.
+	 * All data is in Octet-string network byte order format.
 	 */
 
 	enum rte_crypto_rsa_padding_type pad;
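Review bot: The output-buffer wording in the new message, cipher and sign comments leaves a driver with no way to learn the buffer's capacity: each says the length field "should be 0 and will be overwritten by the PMD", so the only size contract is the prose "must be at least RSA key size". State that size precisely as the modulus length in bytes (n.length), since "key size" is usually quoted in bits, and consider letting the caller pass the allocated size in length on input so a driver can reject a short buffer instead of writing past it. The sign comment also describes the operations as "RSA public decrypt" and "RSA private encrypt" while the message comment says "sign generation" and "sign verification"; using the RTE_CRYPTO_ASYM_OP_SIGN and RTE_CRYPTO_ASYM_OP_VERIFY names, as the removed text did for sign, would keep the three comments consistent. The commit message's point that in-place operation works by pointing cipher and message at the same address is missing from the header comments, which is where API users will look for it.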
-- 
2.1.0



* [dpdk-dev] [PATCH v5 3/7] crypto/openssl: add cipher field to openssl RSA implementation
  2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 1/7] cryptodev: change RSA API comments about primes Arek Kusztal
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 2/7] cryptodev: add cipher field to RSA op Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 4/7] test: add cipher field to RSA test Arek Kusztal
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal

This commit adds the cipher field to the openssl PMD to conform to
the API change.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 7c8bf0d..71ae320 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1867,19 +1867,19 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
 		ret = RSA_public_encrypt(op->rsa.message.length,
 				op->rsa.message.data,
-				op->rsa.message.data,
+				op->rsa.cipher.data,
 				rsa,
 				pad);
 
 		if (ret > 0)
-			op->rsa.message.length = ret;
+			op->rsa.cipher.length = ret;
 		OPENSSL_LOG(DEBUG,
 				"length of encrypted text %d\n", ret);
 		break;
 
 	case RTE_CRYPTO_ASYM_OP_DECRYPT:
-		ret = RSA_private_decrypt(op->rsa.message.length,
-				op->rsa.message.data,
+		ret = RSA_private_decrypt(op->rsa.cipher.length,
+				op->rsa.cipher.data,
 				op->rsa.message.data,
 				rsa,
 				pad);
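Review bot: In the RTE_CRYPTO_ASYM_OP_ENCRYPT branch, RSA_public_encrypt() now writes into op->rsa.cipher.data, but nothing in this hunk checks that the pointer is non-NULL or that the buffer holds RSA_size(rsa) bytes, which is what the call produces on success. The cipher field is new in this series, so callers written against the old API never set it; a NULL check that sets an error status before the call would turn that into a clean failure instead of a write through an unset pointer. Also, when ret is not positive the hunk leaves cipher.length untouched and still logs "length of encrypted text", so the debug line reports an error code as a length; move the log inside the if (ret > 0) branch or log the failure separately.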
-- 
2.1.0



* [dpdk-dev] [PATCH v5 4/7] test: add cipher field to RSA test
  2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
                   ` (2 preceding siblings ...)
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 3/7] crypto/openssl: add cipher field to openssl RSA implementation Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 5/7] cryptodev: remove RSA PKCS1 BT0 padding Arek Kusztal
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal

This patch adds the cipher field to the RSA test cases.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 4dee164..97f3430 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -92,6 +92,7 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess)
 
 	asym_op->rsa.message.data = rsaplaintext.data;
 	asym_op->rsa.message.length = rsaplaintext.len;
+	asym_op->rsa.sign.length = 0;
 	asym_op->rsa.sign.data = output_buf;
 	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
 
@@ -164,6 +165,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *op, *result_op;
 	struct rte_crypto_asym_op *asym_op;
+	uint8_t cipher_buf[TEST_DATA_SIZE] = {0};
 	int ret, status = TEST_SUCCESS;
 
 	/* Set up crypto op data structure */
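Review bot: cipher_buf is sized by TEST_DATA_SIZE, but the API comment added in 2/7 requires the output array to be at least the RSA key size, and nothing in this hunk ties the two together. A check before enqueue that TEST_DATA_SIZE is not smaller than the test key's modulus length would keep the test from overrunning this stack buffer if a larger key vector is added later.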
@@ -180,6 +182,8 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
 
 	asym_op->rsa.message.data = rsaplaintext.data;
+	asym_op->rsa.cipher.data = cipher_buf;
+	asym_op->rsa.cipher.length = 0;
 	asym_op->rsa.message.length = rsaplaintext.len;
 	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
 
@@ -211,6 +215,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
 
 	/* Use the resulted output as decryption Input vector*/
 	asym_op = result_op->asym;
+	asym_op->rsa.message.length = 0;
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
 	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
 
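Review bot: Setting message.length to 0 before the decrypt follows the new API comment, but message.data is not repointed in the lines shown: the op is reused via asym_op = result_op->asym, and message.data was set to rsaplaintext.data for the encrypt step. The decrypted output would then be written over the reference plaintext, so any later comparison against rsaplaintext compares the buffer with itself. Pointing message.data at a separate zeroed output buffer for the decrypt step would make the round-trip check meaningful.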
-- 
2.1.0



* [dpdk-dev] [PATCH v5 5/7] cryptodev: remove RSA PKCS1 BT0 padding
  2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
                   ` (3 preceding siblings ...)
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 4/7] test: add cipher field to RSA test Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 6/7] openssl: remove RSA PKCS1_5 " Arek Kusztal
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal

BT0 block type padding after rfc2313 has been discontinued.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/librte_cryptodev/rte_crypto_asym.h | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index 1d4ec80..0442242 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -112,17 +112,9 @@ enum rte_crypto_asym_op_type {
 enum rte_crypto_rsa_padding_type {
 	RTE_CRYPTO_RSA_PADDING_NONE = 0,
 	/**< RSA no padding scheme */
-	RTE_CRYPTO_RSA_PKCS1_V1_5_BT0,
-	/**< RSA PKCS#1 V1.5 Block Type 0 padding scheme
-	 * as described in rfc2313
-	 */
-	RTE_CRYPTO_RSA_PKCS1_V1_5_BT1,
-	/**< RSA PKCS#1 V1.5 Block Type 01 padding scheme
-	 * as described in rfc2313
-	 */
-	RTE_CRYPTO_RSA_PKCS1_V1_5_BT2,
-	/**< RSA PKCS#1 V1.5 Block Type 02 padding scheme
-	 * as described in rfc2313
+	RTE_CRYPTO_RSA_PADDING_PKCS1_5,
+	/**< RSA PKCS#1 PKCS1-v1_5 padding scheme. For signatures block type 01,
+	 * for encryption block type 02 are used.
 	 */
 	RTE_CRYPTO_RSA_PADDING_OAEP,
 	/**< RSA PKCS#1 OAEP padding scheme */
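Review bot: Removing three enumerators ahead of RTE_CRYPTO_RSA_PADDING_OAEP changes its numeric value from 4 to 2, the value RTE_CRYPTO_RSA_PKCS1_V1_5_BT1 used to have, so a binary built against the old header that requests BT1 would now select OAEP. That deserves an explicit API/ABI note in the commit message, which currently mentions only BT0. The hunk also drops RTE_CRYPTO_RSA_PKCS1_V1_5_BT1 and RTE_CRYPTO_RSA_PKCS1_V1_5_BT2 while the openssl PMD and the tests keep using them until 6/7 and 7/7, so the tree does not build at this commit; folding the three padding patches together keeps bisection working. In the new comment, "RSA PKCS#1 PKCS1-v1_5 padding scheme" repeats PKCS1, and it would help to say that the block type is selected from the op type.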
-- 
2.1.0



* [dpdk-dev] [PATCH v5 6/7] openssl: remove RSA PKCS1_5 BT0 padding
  2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
                   ` (4 preceding siblings ...)
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 5/7] cryptodev: remove RSA PKCS1 BT0 padding Arek Kusztal
@ 2019-07-18 16:09 ` " Arek Kusztal
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 7/7] test: remove RSA PKCS1_5 BT0 padding from test cases Arek Kusztal
  2019-07-19  4:45 ` [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Shally Verma
  7 siblings, 0 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal

This patch removes RSA PKCS1_5 BT0 padding from openssl PMD.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 71ae320..2f55528 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1848,9 +1848,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	switch (pad) {
-	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0:
-	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1:
-	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2:
+	case RTE_CRYPTO_RSA_PADDING_PKCS1_5:
 		pad = RSA_PKCS1_PADDING;
 		break;
 	case RTE_CRYPTO_RSA_PADDING_NONE:
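Review bot: The switch reads pad as an rte_crypto_rsa_padding_type and then overwrites it with an OpenSSL constant (pad = RSA_PKCS1_PADDING), so one variable carries values from two different namespaces. Now that the enum has been renumbered, a separate local for the OpenSSL padding value would make it harder for an unconverted DPDK enum value to reach the OpenSSL call by accident.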
-- 
2.1.0



* [dpdk-dev] [PATCH v5 7/7] test: remove RSA PKCS1_5 BT0 padding from test cases
  2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
                   ` (5 preceding siblings ...)
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 6/7] openssl: remove RSA PKCS1_5 " Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
  2019-07-19  4:45 ` [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Shally Verma
  7 siblings, 0 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
  To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal

This patch removes RSA PKCS1_5 BT0 padding from test cases

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 97f3430..95e7d34 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -94,7 +94,7 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess)
 	asym_op->rsa.message.length = rsaplaintext.len;
 	asym_op->rsa.sign.length = 0;
 	asym_op->rsa.sign.data = output_buf;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
+	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
 
 	debug_hexdump(stdout, "message", asym_op->rsa.message.data,
 		      asym_op->rsa.message.length);
@@ -126,7 +126,7 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess)
 
 	/* Verify sign */
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
+	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
 
 	/* Process crypto operation */
 	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -185,7 +185,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
 	asym_op->rsa.cipher.data = cipher_buf;
 	asym_op->rsa.cipher.length = 0;
 	asym_op->rsa.message.length = rsaplaintext.len;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
+	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
 
 	debug_hexdump(stdout, "message", asym_op->rsa.message.data,
 		      asym_op->rsa.message.length);
@@ -217,7 +217,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
 	asym_op = result_op->asym;
 	asym_op->rsa.message.length = 0;
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
+	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
 
 	/* Process crypto operation */
 	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
-- 
2.1.0



* Re: [dpdk-dev] [EXT] [PATCH v5 2/7] cryptodev: add cipher field to RSA op
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 2/7] cryptodev: add cipher field to RSA op Arek Kusztal
@ 2019-07-19  4:42   ` " Shally Verma
  2019-07-19  5:10     ` Kusztal, ArkadiuszX
  0 siblings, 1 reply; 14+ messages in thread
From: Shally Verma @ 2019-07-19  4:42 UTC (permalink / raw)
  To: Arek Kusztal, dev
  Cc: akhil.goyal, fiona.trahe, damianx.nowak, Sunila Sahu, Ayuj Verma,
	Kanaka Durga Kotamarthy



> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, July 18, 2019 9:40 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; damianx.nowak@intel.com; Arek Kusztal
> <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v5 2/7] cryptodev: add cipher field to RSA op
> 
> External Email
> 
> ----------------------------------------------------------------------
> Asymmetric nature of RSA algorithm suggest to use additional field for
> output. In place operations still can be done by setting cipher and message
> pointers with the same memory address.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/librte_cryptodev/rte_crypto_asym.h | 43
> ++++++++++++++++++++++++++++------
>  1 file changed, 36 insertions(+), 7 deletions(-)
> 
> diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> b/lib/librte_cryptodev/rte_crypto_asym.h
> index 02ec304..1d4ec80 100644
> --- a/lib/librte_cryptodev/rte_crypto_asym.h
> +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> @@ -395,21 +395,50 @@ struct rte_crypto_rsa_op_param {
> 
>  	rte_crypto_param message;
>  	/**<
> -	 * Pointer to data
> +	 * Pointer to input data
>  	 * - to be encrypted for RSA public encrypt.
> -	 * - to be decrypted for RSA private decrypt.
>  	 * - to be signed for RSA sign generation.
>  	 * - to be authenticated for RSA sign verification.
> +	 *
> +	 * Pointer to output data
> +	 * - for RSA private decrypt.
> +	 * In this case the underlying array should have been
> +	 * allocated with enough memory to hold plaintext output
> +	 * (i.e. must be at least RSA key size). The message.length
> +	 * field should be 0 and will be overwritten by the PMD
> +	 * with the decrypted length.
> +	 *
> +	 * All data is in Octet-string network byte order format.
> +	 */
As per Fiona's feedback in another email, for the PMD it does not matter what the output buffer length is set to. All that matters is that it is allocated large enough as per the description in the spec.
Given that, there is no need to mention specifically that the length should be set to 0. The app can leave it as anything, as the PMD doesn't care. It does not and should not check for any valid params here.
Ditto is my feedback on the cipher.length description below. There is no need to mention that it should be set to 0 specifically.

If we agree, this change can be taken as part of next patch set. Current one can still go on.

Thanks
Shally



> +
> +	rte_crypto_param cipher;
> +	/**<
> +	 * Pointer to input data
> +	 * - to be decrypted for RSA private decrypt.
> +	 *
> +	 * Pointer to output data
> +	 * - for RSA public encrypt.
> +	 * In this case the underlying array should have been allocated
> +	 * with enough memory to hold ciphertext output (i.e. must be
> +	 * at least RSA key size). The cipher.length field should
> +	 * be 0 and will be overwritten by the PMD with the encrypted
> length.
> +	 *
> +	 * All data is in Octet-string network byte order format.
>  	 */
> 
>  	rte_crypto_param sign;
>  	/**<
> -	 * Pointer to RSA signature data. If operation is RSA
> -	 * sign @ref RTE_CRYPTO_ASYM_OP_SIGN, buffer will be
> -	 * over-written with generated signature.
> +	 * Pointer to input data
> +	 * - to be verified for RSA public decrypt.
> +	 *
> +	 * Pointer to output data
> +	 * - for RSA private encrypt.
> +	 * In this case the underlying array should have been allocated
> +	 * with enough memory to hold signature output (i.e. must be
> +	 * at least RSA key size). The sign.length field should
> +	 * be 0 and will be overwritten by the PMD with the signature length.
>  	 *
> -	 * Length of the signature data will be equal to the
> -	 * RSA modulus length.
> +	 * All data is in Octet-string network byte order format.
>  	 */
> 
>  	enum rte_crypto_rsa_padding_type pad;
> --
> 2.1.0



* Re: [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto
  2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
                   ` (6 preceding siblings ...)
  2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 7/7] test: remove RSA PKCS1_5 BT0 padding from test cases Arek Kusztal
@ 2019-07-19  4:45 ` Shally Verma
  2019-07-19 12:51   ` Akhil Goyal
  7 siblings, 1 reply; 14+ messages in thread
From: Shally Verma @ 2019-07-19  4:45 UTC (permalink / raw)
  To: Arek Kusztal, dev
  Cc: akhil.goyal, fiona.trahe, damianx.nowak, Ayuj Verma,
	Kanaka Durga Kotamarthy, Sunila Sahu



> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, July 18, 2019 9:40 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; damianx.nowak@intel.com; Arek Kusztal
> <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric
> crypto
> 
> External Email
> 
> ----------------------------------------------------------------------
> Removed patches that were not acked by Shally.
> So open things:
> 1. Creating padding struct.
> 2. Padding parameters (seedlen, optional label etc).
> 3. Leading zeroes questions.
> 4. Random number requirements.
> 5. Capabilities.
> 6. Verify signature field when none padding.
> 7. Padding none.
> 8. Signature input format.
> 
> Arek Kusztal (7):
>   cryptodev: change RSA API comments about primes
>   cryptodev: add cipher field to RSA op
>   crypto/openssl: add cipher field to openssl RSA implementation
>   test: add cipher field to RSA test
>   cryptodev: remove RSA PKCS1 BT0 padding
>   openssl: remove RSA PKCS1_5 BT0 padding
>   test: remove RSA PKCS1_5 BT0 padding from test cases
> 
>  app/test/test_cryptodev_asym.c           | 13 ++++---
>  drivers/crypto/openssl/rte_openssl_pmd.c | 12 +++----
>  lib/librte_cryptodev/rte_crypto_asym.h   | 61 +++++++++++++++++++++---
> --------
>  3 files changed, 55 insertions(+), 31 deletions(-)
> 
> --
> 2.1.0
With minor feedback on description on Patchv5 2/7,
Series-acked-by: Shally Verma <shallyv@marvell.com>



* Re: [dpdk-dev] [EXT] [PATCH v5 2/7] cryptodev: add cipher field to RSA op
  2019-07-19  4:42   ` [dpdk-dev] [EXT] " Shally Verma
@ 2019-07-19  5:10     ` Kusztal, ArkadiuszX
  0 siblings, 0 replies; 14+ messages in thread
From: Kusztal, ArkadiuszX @ 2019-07-19  5:10 UTC (permalink / raw)
  To: Shally Verma, dev
  Cc: akhil.goyal, Trahe, Fiona, Nowak, DamianX, Sunila Sahu,
	Ayuj Verma, Kanaka Durga Kotamarthy

> > ----------------------------------------------------------------------
> > Asymmetric nature of RSA algorithm suggest to use additional field for
> > output. In place operations still can be done by setting cipher and
> > message pointers with the same memory address.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  lib/librte_cryptodev/rte_crypto_asym.h | 43
> > ++++++++++++++++++++++++++++------
> >  1 file changed, 36 insertions(+), 7 deletions(-)
> >
> > diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> > b/lib/librte_cryptodev/rte_crypto_asym.h
> > index 02ec304..1d4ec80 100644
> > --- a/lib/librte_cryptodev/rte_crypto_asym.h
> > +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> > @@ -395,21 +395,50 @@ struct rte_crypto_rsa_op_param {
> >
> >  	rte_crypto_param message;
> >  	/**<
> > -	 * Pointer to data
> > +	 * Pointer to input data
> >  	 * - to be encrypted for RSA public encrypt.
> > -	 * - to be decrypted for RSA private decrypt.
> >  	 * - to be signed for RSA sign generation.
> >  	 * - to be authenticated for RSA sign verification.
> > +	 *
> > +	 * Pointer to output data
> > +	 * - for RSA private decrypt.
> > +	 * In this case the underlying array should have been
> > +	 * allocated with enough memory to hold plaintext output
> > +	 * (i.e. must be at least RSA key size). The message.length
> > +	 * field should be 0 and will be overwritten by the PMD
> > +	 * with the decrypted length.
> > +	 *
> > +	 * All data is in Octet-string network byte order format.
> > +	 */
> As per Fiona feedback in another email, for PMD it does not matter what
> output buffer length is set to. All matters if it should be allocated large
> enough as per description in spec.
> Given that, there is no need to mention specifically, that length should be set
> to 0. App can leave it to anything as PMD don't care. It does not and should
> not check for any valid params here.
> Ditto is my feedback on cipher.length description below. There is no need to
> mention, it should be set to 0 specifically
> 
> If we agree, this change can be taken as part of next patch set. Current one
> can still go on.

I agree with Shally that it could be anything and still work, but on the other hand I agree with Pablo and Fiona's comment on future extensions and ABI breakage, especially at such an early stage of API development. If we change this field in the future so that it can be random (which is possible), it will not break anything, but it would not work in the opposite direction.

> 
> Thanks
> Shally
> 
> 
> 
> > +
> > +	rte_crypto_param cipher;
> > +	/**<
> > +	 * Pointer to input data
> > +	 * - to be decrypted for RSA private decrypt.
> > +	 *
> > +	 * Pointer to output data
> > +	 * - for RSA public encrypt.
> > +	 * In this case the underlying array should have been allocated
> > +	 * with enough memory to hold ciphertext output (i.e. must be
> > +	 * at least RSA key size). The cipher.length field should
> > +	 * be 0 and will be overwritten by the PMD with the encrypted
> > length.
> > +	 *
> > +	 * All data is in Octet-string network byte order format.
> >  	 */
> >
> >  	rte_crypto_param sign;
> >  	/**<
> > -	 * Pointer to RSA signature data. If operation is RSA
> > -	 * sign @ref RTE_CRYPTO_ASYM_OP_SIGN, buffer will be
> > -	 * over-written with generated signature.
> > +	 * Pointer to input data
> > +	 * - to be verified for RSA public decrypt.
> > +	 *
> > +	 * Pointer to output data
> > +	 * - for RSA private encrypt.
> > +	 * In this case the underlying array should have been allocated
> > +	 * with enough memory to hold signature output (i.e. must be
> > +	 * at least RSA key size). The sign.length field should
> > +	 * be 0 and will be overwritten by the PMD with the signature length.
> >  	 *
> > -	 * Length of the signature data will be equal to the
> > -	 * RSA modulus length.
> > +	 * All data is in Octet-string network byte order format.
> >  	 */
> >
> >  	enum rte_crypto_rsa_padding_type pad;
> > --
> > 2.1.0



* Re: [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto
  2019-07-19  4:45 ` [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Shally Verma
@ 2019-07-19 12:51   ` Akhil Goyal
  2019-07-19 16:23     ` Thomas Monjalon
  0 siblings, 1 reply; 14+ messages in thread
From: Akhil Goyal @ 2019-07-19 12:51 UTC (permalink / raw)
  To: Shally Verma, Arek Kusztal, dev
  Cc: fiona.trahe, damianx.nowak, Ayuj Verma, Kanaka Durga Kotamarthy,
	Sunila Sahu

> > ----------------------------------------------------------------------
> > Removed patches that were not acked by Shally.
> > So open things:
> > 1. Creating padding struct.
> > 2. Padding parameters (seedlen, optional label etc).
> > 3. Leading zeroes questions.
> > 4. Random number requirements.
> > 5. Capabilities.
> > 6. Verify signature field when none padding.
> > 7. Padding none.
> > 8. Signature input format.
> >
> > Arek Kusztal (7):
> >   cryptodev: change RSA API comments about primes
> >   cryptodev: add cipher field to RSA op
> >   crypto/openssl: add cipher field to openssl RSA implementation
> >   test: add cipher field to RSA test
> >   cryptodev: remove RSA PKCS1 BT0 padding
> >   openssl: remove RSA PKCS1_5 BT0 padding
> >   test: remove RSA PKCS1_5 BT0 padding from test cases
> >
> >  app/test/test_cryptodev_asym.c           | 13 ++++---
> >  drivers/crypto/openssl/rte_openssl_pmd.c | 12 +++----
> >  lib/librte_cryptodev/rte_crypto_asym.h   | 61 +++++++++++++++++++++---
> > --------
> >  3 files changed, 55 insertions(+), 31 deletions(-)
> >
> > --
> > 2.1.0
> With minor feedback on description on Patchv5 2/7,
> Series-acked-by: Shally Verma <shallyv@marvell.com>

Comment on 2/7 shall be taken in next series for next release as suggested by Shally.

Applied to dpdk-next-crypto

Thanks.



* Re: [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto
  2019-07-19 12:51   ` Akhil Goyal
@ 2019-07-19 16:23     ` Thomas Monjalon
  2019-07-19 16:55       ` Kusztal, ArkadiuszX
  0 siblings, 1 reply; 14+ messages in thread
From: Thomas Monjalon @ 2019-07-19 16:23 UTC (permalink / raw)
  To: Arek Kusztal
  Cc: dev, Akhil Goyal, Shally Verma, fiona.trahe, damianx.nowak,
	Ayuj Verma, Kanaka Durga Kotamarthy, Sunila Sahu

19/07/2019 14:51, Akhil Goyal:
> > > Arek Kusztal (7):
> > >   cryptodev: change RSA API comments about primes
> > >   cryptodev: add cipher field to RSA op
> > >   crypto/openssl: add cipher field to openssl RSA implementation
> > >   test: add cipher field to RSA test
> > >   cryptodev: remove RSA PKCS1 BT0 padding
> > >   openssl: remove RSA PKCS1_5 BT0 padding
> > >   test: remove RSA PKCS1_5 BT0 padding from test cases
> > >
> > With minor feedback on description on Patchv5 2/7,
> > Series-acked-by: Shally Verma <shallyv@marvell.com>
> 
> Comment on 2/7 shall be taken in next series for next release as suggested by Shally.
> 
> Applied to dpdk-next-crypto

A commit in cryptodev is removing a field which is removed in PMDs
in next patches. Guess what? It breaks the compilation in the middle.
Anyway, there is no reason for this split, so I squash the patches.







* Re: [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto
  2019-07-19 16:23     ` Thomas Monjalon
@ 2019-07-19 16:55       ` Kusztal, ArkadiuszX
  0 siblings, 0 replies; 14+ messages in thread
From: Kusztal, ArkadiuszX @ 2019-07-19 16:55 UTC (permalink / raw)
  To: Thomas Monjalon
  Cc: dev, Akhil Goyal, Shally Verma, Trahe, Fiona, Nowak, DamianX,
	Ayuj Verma, Kanaka Durga Kotamarthy, Sunila Sahu

Hi Thomas,

> -----Original Message-----
> From: Thomas Monjalon [mailto:thomas@monjalon.net]
> Sent: Friday, July 19, 2019 6:23 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Cc: dev@dpdk.org; Akhil Goyal <akhil.goyal@nxp.com>; Shally Verma
> <shallyv@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>; Nowak,
> DamianX <damianx.nowak@intel.com>; Ayuj Verma
> <ayverma@marvell.com>; Kanaka Durga Kotamarthy
> <kkotamarthy@marvell.com>; Sunila Sahu <ssahu@marvell.com>
> Subject: Re: [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in
> asymmetric crypto
> 
> 19/07/2019 14:51, Akhil Goyal:
> > > > Arek Kusztal (7):
> > > >   cryptodev: change RSA API comments about primes
> > > >   cryptodev: add cipher field to RSA op
> > > >   crypto/openssl: add cipher field to openssl RSA implementation
> > > >   test: add cipher field to RSA test
> > > >   cryptodev: remove RSA PKCS1 BT0 padding
> > > >   openssl: remove RSA PKCS1_5 BT0 padding
> > > >   test: remove RSA PKCS1_5 BT0 padding from test cases
> > > >
> > > With minor feedback on description on Patchv5 2/7,
> > > Series-acked-by: Shally Verma <shallyv@marvell.com>
> >
> > Comment on 2/7 shall be taken in next series for next release as suggested
> by Shally.
> >
> > Applied to dpdk-next-crypto
> 
> A commit in cryptodev is removing a field which is removed in PMDs in next
> patches. Guess what? It breaks the compilation in the middle.
> Anyway, there is no reason for this split, so I squash the patches. 
[AK] Sorry for that. In future I will squash such commits into one then.
> 
> 
> 
> 


