[dpdk-dev] [PATCH v3 00/11] Rework API for RSA algorithm in asymmetric crypto

[dpdk-dev] [PATCH v3 00/11] Rework API for RSA algorithm in asymmetric crypto

[Arek Kusztal]

Split into smaller commits, in order from least disputable ones.
Open things beside this:
1. Creating padding struct
2. Padding parameters (seedlen, optional label etc) 
3. Leading zeroes questions.
4. Random number requirements.
5. Capabilities.
6. Verify signature field when none padding.

v3:
- split into smaller patches
- removed padding struct changes
- rebased against patches from CRT patches from Ayuj Verma

This patchset depends on following patches:
[1] 
test/crypto: move rsa enqueue/dequeue into separate functions
(http://patchwork.dpdk.org/patch/56342/)
[2]
test/crypto: add tests for RSA key type CRT
(http://patchwork.dpdk.org/patch/56343/)

Arek Kusztal (11):
  cryptodev: change RSA API comments about primes
  cryptodev: add cipher field to RSA op
  crypto/openssl: add cipher field to openssl RSA implementation
  test: add cipher field to RSA test
  cryptodev: add information about message format when signing with RSA
  cryptodev: remove RSA PKCS1 BT0 padding
  openssl: remove RSA PKCS1_5 BT0 padding
  test: remove RSA PKCS1_5 BT0 padding from test cases
  cryptodev: add RSA padding none description
  test: add pkcs1_5 padding simulation
  test: add RSA PKCS1_5 padding case when no padding selected

 app/test/test_cryptodev_asym.c           | 53 ++++++++++++++++++++------
 app/test/test_cryptodev_asym_util.h      | 54 ++++++++++++++++++++++++++
 drivers/crypto/openssl/rte_openssl_pmd.c | 12 +++---
 lib/librte_cryptodev/rte_crypto_asym.h   | 65 ++++++++++++++++++++++++--------
 4 files changed, 150 insertions(+), 34 deletions(-)

-- 
2.1.0

[dpdk-dev] [PATCH v3 01/11] cryptodev: change RSA API comments about primes

[Arek Kusztal]

RSA modulus cannot be prime as its security basing on integer
factorization.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/librte_cryptodev/rte_crypto_asym.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index 8672f21..02ec304 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -199,8 +199,8 @@ struct rte_crypto_rsa_priv_key_qt {
  */
 struct rte_crypto_rsa_xform {
 	rte_crypto_param n;
-	/**< n - Prime modulus
-	 * Prime modulus data of RSA operation in Octet-string network
+	/**< n - Modulus
+	 * Modulus data of RSA operation in Octet-string network
 	 * byte order format.
 	 */
 
@@ -409,7 +409,7 @@ struct rte_crypto_rsa_op_param {
 	 * over-written with generated signature.
 	 *
 	 * Length of the signature data will be equal to the
-	 * RSA prime modulus length.
+	 * RSA modulus length.
 	 */
 
 	enum rte_crypto_rsa_padding_type pad;
-- 
2.1.0

[dpdk-dev] [PATCH v3 02/11] cryptodev: add cipher field to RSA op

[Arek Kusztal]

Asymmetric nature of RSA algorithm suggest to use
additional field for output. In place operations
still can be done by setting cipher and message pointers
with the same memory address.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/librte_cryptodev/rte_crypto_asym.h | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index 02ec304..16c86c9 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -397,9 +397,33 @@ struct rte_crypto_rsa_op_param {
 	/**<
 	 * Pointer to data
 	 * - to be encrypted for RSA public encrypt.
-	 * - to be decrypted for RSA private decrypt.
 	 * - to be signed for RSA sign generation.
 	 * - to be authenticated for RSA sign verification.
+	 *
+	 * Octet-string network byte order format.
+	 *
+	 * This field is an input to RTE_CRYPTO_ASYM_OP_ENCRYPT
+	 * operation, and output to RTE_CRYPTO_ASYM_OP_DECRYPT operation.
+	 *
+	 * When RTE_CRYPTO_ASYM_OP_DECRYPT op_type used length in bytes
+	 * of this field needs to be greater or equal to the length of
+	 * corresponding RSA key in bytes.
+	 */
+
+
+	rte_crypto_param cipher;
+	/**<
+	 * Pointer to data
+	 * - to be decrypted for RSA private decrypt.
+	 *
+	 * Octet-string network byte order format.
+	 *
+	 * This field is an input to RTE_CRYPTO_ASYM_OP_DECRYPT
+	 * operation, and output to RTE_CRYPTO_ASYM_OP_ENCRYPT operation.
+	 *
+	 * When RTE_CRYPTO_ASYM_OP_ENCRYPT op_type used length in bytes
+	 * of this field needs to be greater or equal to the length of
+	 * corresponding RSA key in bytes.
 	 */
 
 	rte_crypto_param sign;
-- 
2.1.0

[dpdk-dev] [PATCH v3 03/11] crypto/openssl: add cipher field to openssl RSA implementation

[Arek Kusztal]

This commit adds cipher field to openssl pmd to comfort to
API change.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 7c8bf0d..71ae320 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1867,19 +1867,19 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
 		ret = RSA_public_encrypt(op->rsa.message.length,
 				op->rsa.message.data,
-				op->rsa.message.data,
+				op->rsa.cipher.data,
 				rsa,
 				pad);
 
 		if (ret > 0)
-			op->rsa.message.length = ret;
+			op->rsa.cipher.length = ret;
 		OPENSSL_LOG(DEBUG,
 				"length of encrypted text %d\n", ret);
 		break;
 
 	case RTE_CRYPTO_ASYM_OP_DECRYPT:
-		ret = RSA_private_decrypt(op->rsa.message.length,
-				op->rsa.message.data,
+		ret = RSA_private_decrypt(op->rsa.cipher.length,
+				op->rsa.cipher.data,
 				op->rsa.message.data,
 				rsa,
 				pad);
-- 
2.1.0

[dpdk-dev] [PATCH v3 04/11] test: add cipher field to RSA test

[Arek Kusztal]

This patch adds cipher field to RSA test cases

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 4dee164..8391545 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -164,6 +164,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *op, *result_op;
 	struct rte_crypto_asym_op *asym_op;
+	uint8_t cipher_buf[TEST_DATA_SIZE] = {0};
 	int ret, status = TEST_SUCCESS;
 
 	/* Set up crypto op data structure */
@@ -180,6 +181,8 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
 
 	asym_op->rsa.message.data = rsaplaintext.data;
+	asym_op->rsa.cipher.data = cipher_buf;
+	asym_op->rsa.cipher.length = 0;
 	asym_op->rsa.message.length = rsaplaintext.len;
 	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
 
-- 
2.1.0

[dpdk-dev] [PATCH v3 05/11] cryptodev: add information about message format when signing with RSA

[Arek Kusztal]

This patch adds information about format of the message should have
before sending it to the signing operation when using RSA algorithm.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/librte_cryptodev/rte_crypto_asym.h | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index 16c86c9..ad484de 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -408,6 +408,15 @@ struct rte_crypto_rsa_op_param {
 	 * When RTE_CRYPTO_ASYM_OP_DECRYPT op_type used length in bytes
 	 * of this field needs to be greater or equal to the length of
 	 * corresponding RSA key in bytes.
+	 *
+	 * When RTE_CRYPTO_ASYM_OP_SIGN op_type used and following padding
+	 * type:
+	 * - padding PKCS1_5:
+	 * data provided should contain `algorithmIdentifier` in DER encoded
+	 * format concatenated with message digest (as per spec rfc8017 9.2)
+	 * - padding PSS
+	 * data provided should contain message digest of the message
+	 * to be signed
 	 */
 
 
-- 
2.1.0

[dpdk-dev] [PATCH v3 06/11] cryptodev: remove RSA PKCS1 BT0 padding

[Arek Kusztal]

BT0 block type padding after rfc2313 has been discontinued.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/librte_cryptodev/rte_crypto_asym.h | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index ad484de..5026042 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -112,17 +112,9 @@ enum rte_crypto_asym_op_type {
 enum rte_crypto_rsa_padding_type {
 	RTE_CRYPTO_RSA_PADDING_NONE = 0,
 	/**< RSA no padding scheme */
-	RTE_CRYPTO_RSA_PKCS1_V1_5_BT0,
-	/**< RSA PKCS#1 V1.5 Block Type 0 padding scheme
-	 * as described in rfc2313
-	 */
-	RTE_CRYPTO_RSA_PKCS1_V1_5_BT1,
-	/**< RSA PKCS#1 V1.5 Block Type 01 padding scheme
-	 * as described in rfc2313
-	 */
-	RTE_CRYPTO_RSA_PKCS1_V1_5_BT2,
-	/**< RSA PKCS#1 V1.5 Block Type 02 padding scheme
-	 * as described in rfc2313
+	RTE_CRYPTO_RSA_PADDING_PKCS1_5,
+	/**< RSA PKCS#1 PKCS1-v1_5 padding scheme. For signatures block type 01,
+	 * for encryption block type 02 are used.
 	 */
 	RTE_CRYPTO_RSA_PADDING_OAEP,
 	/**< RSA PKCS#1 OAEP padding scheme */
-- 
2.1.0

[dpdk-dev] [PATCH v3 07/11] openssl: remove RSA PKCS1_5 BT0 padding

[Arek Kusztal]

This patch removes RSA PKCS1_5 BT0 padding from openssl PMD.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 71ae320..2f55528 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1848,9 +1848,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	switch (pad) {
-	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0:
-	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1:
-	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2:
+	case RTE_CRYPTO_RSA_PADDING_PKCS1_5:
 		pad = RSA_PKCS1_PADDING;
 		break;
 	case RTE_CRYPTO_RSA_PADDING_NONE:
-- 
2.1.0

[dpdk-dev] [PATCH v3 08/11] test: remove RSA PKCS1_5 BT0 padding from test cases

[Arek Kusztal]

This patch removes RSA PKCS1_5 BT0 padding from test cases

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 8391545..0e1277b 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -93,7 +93,7 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess)
 	asym_op->rsa.message.data = rsaplaintext.data;
 	asym_op->rsa.message.length = rsaplaintext.len;
 	asym_op->rsa.sign.data = output_buf;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
+	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
 
 	debug_hexdump(stdout, "message", asym_op->rsa.message.data,
 		      asym_op->rsa.message.length);
@@ -125,7 +125,7 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess)
 
 	/* Verify sign */
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
+	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
 
 	/* Process crypto operation */
 	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -184,7 +184,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
 	asym_op->rsa.cipher.data = cipher_buf;
 	asym_op->rsa.cipher.length = 0;
 	asym_op->rsa.message.length = rsaplaintext.len;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
+	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
 
 	debug_hexdump(stdout, "message", asym_op->rsa.message.data,
 		      asym_op->rsa.message.length);
@@ -215,7 +215,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
 	/* Use the resulted output as decryption Input vector*/
 	asym_op = result_op->asym;
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
+	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
 
 	/* Process crypto operation */
 	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
-- 
2.1.0

[dpdk-dev] [PATCH v3 09/11] cryptodev: add RSA padding none description

[Arek Kusztal]

This patch adds RSA padding none description.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/librte_cryptodev/rte_crypto_asym.h | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index 5026042..7f630f0 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -90,7 +90,10 @@ enum rte_crypto_asym_xform_type {
  */
 enum rte_crypto_asym_op_type {
 	RTE_CRYPTO_ASYM_OP_ENCRYPT,
-	/**< Asymmetric Encrypt operation */
+	/**< RSA no padding scheme.
+	 * In this case user is responsible for provision and verification
+	 * of padding.
+	 */
 	RTE_CRYPTO_ASYM_OP_DECRYPT,
 	/**< Asymmetric Decrypt operation */
 	RTE_CRYPTO_ASYM_OP_SIGN,
@@ -409,6 +412,11 @@ struct rte_crypto_rsa_op_param {
 	 * - padding PSS
 	 * data provided should contain message digest of the message
 	 * to be signed
+	 *
+	 * When padding field is set to RTE_CRYPTO_RSA_PADDING_NONE
+	 * and RTE_CRYPTO_ASYM_OP_DECRYPT op_type used returned data size
+	 * will be equal to the size of RSA key in bytes. All leading
+	 * zeroes will be preserved.
 	 */
 
 
-- 
2.1.0

[dpdk-dev] [PATCH v3 10/11] test: add pkcs1_5 padding simulation

[Arek Kusztal]

This patch adds function to simulate pkcs1_5 padding, it serves nothing
else than example. It provides no security and should not be used in
security context.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym_util.h | 54 +++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/app/test/test_cryptodev_asym_util.h b/app/test/test_cryptodev_asym_util.h
index b3d9fb4..f984166 100644
--- a/app/test/test_cryptodev_asym_util.h
+++ b/app/test/test_cryptodev_asym_util.h
@@ -1,10 +1,64 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  * Copyright(c) 2018 Cavium Networks
+ * Copyright (c) 2019 Intel Corporation
  */
 
 #ifndef TEST_CRYPTODEV_ASYM_TEST_UTIL_H__
 #define TEST_CRYPTODEV_ASYM_TEST_UTIL_H__
 
+/*
+ * Two functions below simulate pkcs 1.5 padding and serves only as an example,
+ * both offer no security.
+ */
+static inline int rsa_simulate_pkcs1_5_padding(int op, uint8_t *p,
+		int key_size, const uint8_t *src, int len) {
+
+	int ps_len;
+
+	if (len > key_size - 11)
+		return -1;
+	ps_len = key_size - len - 3;
+
+	*(p++) = 0;
+	*(p++) = op ? 1 : 2;
+	if (op) {
+		while (ps_len--)
+			*(p++) = 0xFF;
+	} else {
+		while (ps_len--) {
+			*p = (uint8_t)rand();
+			*p ^= !(*p);
+			p++;
+		}
+	}
+
+	*(p++) = 0;
+	memcpy(p, src, len);
+
+	return 0;
+}
+
+static inline int rsa_simulate_strip_pkcs1_5_padding(uint8_t *src,
+		int key_size) {
+	uint8_t tmp[key_size], *orig_src = src;
+	int i = 1;
+	++src;
+	while (*(src) && i < key_size) {
+		++i;
+		++src;
+	}
+	if (i == key_size)
+		return -1;
+
+	++i;
+	++src;
+
+	memcpy(tmp, src, key_size - i);
+	memcpy(orig_src, tmp, key_size - i);
+	return key_size - i;
+}
+
+
 /* Below Apis compare resulted buffer to original test vector */
 
 static inline int rsa_verify(struct rsa_test_data *rsa_param,
-- 
2.1.0

[dpdk-dev] [PATCH v3 11/11] test: add RSA PKCS1_5 padding case when no padding selected

[Arek Kusztal]

This patch adds an example how to use padding none option with RSA.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c | 46 +++++++++++++++++++++++++++++++++---------
 1 file changed, 37 insertions(+), 9 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 0e1277b..fa5ddab 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -157,13 +157,15 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess)
 }
 
 static int
-queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
+queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess,
+		enum rte_crypto_rsa_padding_type padding)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct rte_mempool *op_mpool = ts_params->op_mpool;
 	uint8_t dev_id = ts_params->valid_devs[0];
 	struct rte_crypto_op *op, *result_op;
 	struct rte_crypto_asym_op *asym_op;
+	uint8_t input_buf[TEST_DATA_SIZE] = {0};
 	uint8_t cipher_buf[TEST_DATA_SIZE] = {0};
 	int ret, status = TEST_SUCCESS;
 
@@ -180,11 +182,19 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
 	/* Compute encryption on the test vector */
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
 
-	asym_op->rsa.message.data = rsaplaintext.data;
 	asym_op->rsa.cipher.data = cipher_buf;
 	asym_op->rsa.cipher.length = 0;
-	asym_op->rsa.message.length = rsaplaintext.len;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+	asym_op->rsa.pad = padding;
+
+	if (padding == RTE_CRYPTO_RSA_PADDING_NONE) {
+		rsa_simulate_pkcs1_5_padding(0, input_buf, rsa_xform.rsa.n.length,
+				rsaplaintext.data, rsaplaintext.len);
+		asym_op->rsa.message.length = rsa_xform.rsa.n.length;
+		asym_op->rsa.message.data = input_buf;
+	} else if (padding == RTE_CRYPTO_RSA_PADDING_PKCS1_5) {
+		asym_op->rsa.message.data = rsaplaintext.data;
+		asym_op->rsa.message.length = rsaplaintext.len;
+	}
 
 	debug_hexdump(stdout, "message", asym_op->rsa.message.data,
 		      asym_op->rsa.message.length);
@@ -215,7 +225,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
 	/* Use the resulted output as decryption Input vector*/
 	asym_op = result_op->asym;
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+	asym_op->rsa.pad = padding;
 
 	/* Process crypto operation */
 	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -233,6 +243,13 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
 		goto error_exit;
 	}
 	status = TEST_SUCCESS;
+
+	if (padding == RTE_CRYPTO_RSA_PADDING_NONE) {
+		result_op->asym->rsa.message.length =
+			rsa_simulate_strip_pkcs1_5_padding(result_op->asym->rsa.message.data,
+			rsa_xform.rsa.n.length);
+	}
+
 	ret = rsa_verify(&rsaplaintext, result_op);
 	if (ret)
 		status = TEST_FAILED;
@@ -562,7 +579,7 @@ test_rsa_sign_verify(void)
 }
 
 static int
-test_rsa_enc_dec(void)
+test_rsa_enc_dec(enum rte_crypto_rsa_padding_type padding)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct rte_mempool *sess_mpool = ts_params->session_mpool;
@@ -597,7 +614,7 @@ test_rsa_enc_dec(void)
 		goto error_exit;
 	}
 
-	status = queue_ops_rsa_enc_dec(sess);
+	status = queue_ops_rsa_enc_dec(sess, padding);
 
 error_exit:
 
@@ -610,6 +627,16 @@ test_rsa_enc_dec(void)
 }
 
 static int
+test_rsa_enc_dec_padding_none(void) {
+	return test_rsa_enc_dec(RTE_CRYPTO_RSA_PADDING_NONE);
+}
+
+static int
+test_rsa_enc_dec_padding_pkcs_1(void) {
+	return test_rsa_enc_dec(RTE_CRYPTO_RSA_PADDING_PKCS1_5);
+}
+
+static int
 test_rsa_sign_verify_crt(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
@@ -692,7 +719,7 @@ test_rsa_enc_dec_crt(void)
 		status = TEST_FAILED;
 		goto error_exit;
 	}
-	status = queue_ops_rsa_enc_dec(sess);
+	status = queue_ops_rsa_enc_dec(sess, RTE_CRYPTO_RSA_PADDING_PKCS1_5);
 
 error_exit:
 
@@ -1767,7 +1794,8 @@ static struct unit_test_suite cryptodev_openssl_asym_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown, test_capability),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_dsa),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_dh_keygenration),
-		TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_enc_dec),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_enc_dec_padding_none),
+		TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_enc_dec_padding_pkcs_1),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_sign_verify),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_enc_dec_crt),
 		TEST_CASE_ST(ut_setup, ut_teardown, test_rsa_sign_verify_crt),
-- 
2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 01/11] cryptodev: change RSA API comments about primes

[Shally Verma]

> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 17, 2019 12:23 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v3 01/11] cryptodev: change RSA API comments about
> primes
> 
> External Email
> 
> ----------------------------------------------------------------------
> RSA modulus cannot be prime as its security basing on integer factorization.
> 
[Shally] I think you mean here that "RSA modulus input cannot be prime as it is multiple of 2 primes"

> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
Other than minor rephrasing requirement on commit log, change is 
Acked-by: Shally Verma <shallyv@marvell.com>

>  lib/librte_cryptodev/rte_crypto_asym.h | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> b/lib/librte_cryptodev/rte_crypto_asym.h
> index 8672f21..02ec304 100644
> --- a/lib/librte_cryptodev/rte_crypto_asym.h
> +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> @@ -199,8 +199,8 @@ struct rte_crypto_rsa_priv_key_qt {
>   */
>  struct rte_crypto_rsa_xform {
>  	rte_crypto_param n;
> -	/**< n - Prime modulus
> -	 * Prime modulus data of RSA operation in Octet-string network
> +	/**< n - Modulus
> +	 * Modulus data of RSA operation in Octet-string network
>  	 * byte order format.
>  	 */
> 
> @@ -409,7 +409,7 @@ struct rte_crypto_rsa_op_param {
>  	 * over-written with generated signature.
>  	 *
>  	 * Length of the signature data will be equal to the
> -	 * RSA prime modulus length.
> +	 * RSA modulus length.
>  	 */
> 
>  	enum rte_crypto_rsa_padding_type pad;
> --
> 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 02/11] cryptodev: add cipher field to RSA op

[Shally Verma]

> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 17, 2019 12:23 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v3 02/11] cryptodev: add cipher field to RSA op
> 
> External Email
> 
> ----------------------------------------------------------------------
> Asymmetric nature of RSA algorithm suggest to use additional field for
> output. In place operations still can be done by setting cipher and message
> pointers with the same memory address.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/librte_cryptodev/rte_crypto_asym.h | 26
> +++++++++++++++++++++++++-
>  1 file changed, 25 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> b/lib/librte_cryptodev/rte_crypto_asym.h
> index 02ec304..16c86c9 100644
> --- a/lib/librte_cryptodev/rte_crypto_asym.h
> +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> @@ -397,9 +397,33 @@ struct rte_crypto_rsa_op_param {
>  	/**<
>  	 * Pointer to data
>  	 * - to be encrypted for RSA public encrypt.
> -	 * - to be decrypted for RSA private decrypt.
>  	 * - to be signed for RSA sign generation.
>  	 * - to be authenticated for RSA sign verification.
> +	 *
> +	 * Octet-string network byte order format.
> +	 *
> +	 * This field is an input to RTE_CRYPTO_ASYM_OP_ENCRYPT
> +	 * operation, and output to RTE_CRYPTO_ASYM_OP_DECRYPT
> operation.
> +	 *
> +	 * When RTE_CRYPTO_ASYM_OP_DECRYPT op_type used length in
> bytes
> +	 * of this field needs to be greater or equal to the length of
> +	 * corresponding RSA key in bytes.
> +	 */
[Shally] this overall look repetitive here. Since now this buffer is both input and output depending on op_type.
How about , if we just change description to: 
Pointer to plaintext buffer. This buffer is input to RSA_CRYPTO_ASYM_OP_TYPE_ENCRYPT/ SIGN, VERIFY
And Output to RTE_CRYPTO_ASYM_OP_TYPE_DECRYPT

> +
> +
> +	rte_crypto_param cipher;
> +	/**<
> +	 * Pointer to data
> +	 * - to be decrypted for RSA private decrypt.
> +	 *
> +	 * Octet-string network byte order format.
> +	 *
> +	 * This field is an input to RTE_CRYPTO_ASYM_OP_DECRYPT
> +	 * operation, and output to RTE_CRYPTO_ASYM_OP_ENCRYPT
> operation.
> +	 *
> +	 * When RTE_CRYPTO_ASYM_OP_ENCRYPT op_type used length in
> bytes
> +	 * of this field needs to be greater or equal to the length of
> +	 * corresponding RSA key in bytes.
>  	 */
[Shally] So is my suggestion here. Change to like "Pointer to Ciphetext buffer ..."

> 
>  	rte_crypto_param sign;
> --
> 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 04/11] test: add cipher field to RSA test

[Shally Verma]

> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 17, 2019 12:23 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v3 04/11] test: add cipher field to RSA test
> 
> External Email
> 
> ----------------------------------------------------------------------
> This patch adds cipher field to RSA test cases
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  app/test/test_cryptodev_asym.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/app/test/test_cryptodev_asym.c
> b/app/test/test_cryptodev_asym.c index 4dee164..8391545 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -164,6 +164,7 @@ queue_ops_rsa_enc_dec(struct
> rte_cryptodev_asym_session *sess)
>  	uint8_t dev_id = ts_params->valid_devs[0];
>  	struct rte_crypto_op *op, *result_op;
>  	struct rte_crypto_asym_op *asym_op;
> +	uint8_t cipher_buf[TEST_DATA_SIZE] = {0};
>  	int ret, status = TEST_SUCCESS;
> 
>  	/* Set up crypto op data structure */
> @@ -180,6 +181,8 @@ queue_ops_rsa_enc_dec(struct
> rte_cryptodev_asym_session *sess)
>  	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
> 
>  	asym_op->rsa.message.data = rsaplaintext.data;
> +	asym_op->rsa.cipher.data = cipher_buf;
> +	asym_op->rsa.cipher.length = 0;
[Shally] I think this should be initialized to length of buffer available i.e. RSA Key size? PMD can override it with length of actual data written at output, which has to be less than , equal to RSA_key size.

>  	asym_op->rsa.message.length = rsaplaintext.len;
>  	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
> 
> --
> 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 03/11] crypto/openssl: add cipher field to openssl RSA implementation

[Shally Verma]

> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 17, 2019 12:23 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v3 03/11] crypto/openssl: add cipher field to openssl
> RSA implementation
> 
> External Email
> 
> ----------------------------------------------------------------------
> This commit adds cipher field to openssl pmd to comfort to API change.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
Acked-by: Shally Verma <shallyv@marvell.com>

>  drivers/crypto/openssl/rte_openssl_pmd.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index 7c8bf0d..71ae320 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1867,19 +1867,19 @@ process_openssl_rsa_op(struct rte_crypto_op
> *cop,
>  	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
>  		ret = RSA_public_encrypt(op->rsa.message.length,
>  				op->rsa.message.data,
> -				op->rsa.message.data,
> +				op->rsa.cipher.data,
>  				rsa,
>  				pad);
> 
>  		if (ret > 0)
> -			op->rsa.message.length = ret;
> +			op->rsa.cipher.length = ret;
>  		OPENSSL_LOG(DEBUG,
>  				"length of encrypted text %d\n", ret);
>  		break;
> 
>  	case RTE_CRYPTO_ASYM_OP_DECRYPT:
> -		ret = RSA_private_decrypt(op->rsa.message.length,
> -				op->rsa.message.data,
> +		ret = RSA_private_decrypt(op->rsa.cipher.length,
> +				op->rsa.cipher.data,
>  				op->rsa.message.data,
>  				rsa,
>  				pad);
> --
> 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 04/11] test: add cipher field to RSA test

[Kusztal, ArkadiuszX]

> -----Original Message-----
> From: Shally Verma [mailto:shallyv@marvell.com]
> Sent: Wednesday, July 17, 2019 9:42 AM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [EXT] [PATCH v3 04/11] test: add cipher field to RSA test
> 
> 
> 
> > -----Original Message-----
> > From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > Sent: Wednesday, July 17, 2019 12:23 AM
> > To: dev@dpdk.org
> > Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> > <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > Subject: [EXT] [PATCH v3 04/11] test: add cipher field to RSA test
> >
> > External Email
> >
> > ----------------------------------------------------------------------
> > This patch adds cipher field to RSA test cases
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  app/test/test_cryptodev_asym.c | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/app/test/test_cryptodev_asym.c
> > b/app/test/test_cryptodev_asym.c index 4dee164..8391545 100644
> > --- a/app/test/test_cryptodev_asym.c
> > +++ b/app/test/test_cryptodev_asym.c
> > @@ -164,6 +164,7 @@ queue_ops_rsa_enc_dec(struct
> > rte_cryptodev_asym_session *sess)
> >  	uint8_t dev_id = ts_params->valid_devs[0];
> >  	struct rte_crypto_op *op, *result_op;
> >  	struct rte_crypto_asym_op *asym_op;
> > +	uint8_t cipher_buf[TEST_DATA_SIZE] = {0};
> >  	int ret, status = TEST_SUCCESS;
> >
> >  	/* Set up crypto op data structure */ @@ -180,6 +181,8 @@
> > queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
> >  	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
> >
> >  	asym_op->rsa.message.data = rsaplaintext.data;
> > +	asym_op->rsa.cipher.data = cipher_buf;
> > +	asym_op->rsa.cipher.length = 0;
> [Shally] I think this should be initialized to length of buffer available i.e. RSA
> Key size? PMD can override it with length of actual data written at output,
> which has to be less than , equal to RSA_key size.
[AK] - its because API comments are ambiguous in this case and we have only one field describing array length.
I would suggest to rephrase cipher field API comments from "length in bytes
	 * of this field needs to be greater or equal to the length of
	 * corresponding RSA key in bytes"
To "underlying array should have allocated enough memory to hold cipher output (bigger or equal to RSA key size". Then length could and I think should be zero or unspecified at this point. 
What do you think? 
> 
> >  	asym_op->rsa.message.length = rsaplaintext.len;
> >  	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
> >
> > --
> > 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 01/11] cryptodev: change RSA API comments about primes

[Kusztal, ArkadiuszX]

> -----Original Message-----
> From: Shally Verma [mailto:shallyv@marvell.com]
> Sent: Wednesday, July 17, 2019 9:32 AM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [EXT] [PATCH v3 01/11] cryptodev: change RSA API comments
> about primes
> 
> 
> 
> > -----Original Message-----
> > From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > Sent: Wednesday, July 17, 2019 12:23 AM
> > To: dev@dpdk.org
> > Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> > <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > Subject: [EXT] [PATCH v3 01/11] cryptodev: change RSA API comments
> > about primes
> >
> > External Email
> >
> > ----------------------------------------------------------------------
> > RSA modulus cannot be prime as its security basing on integer
> factorization.
> >
> [Shally] I think you mean here that "RSA modulus input cannot be prime as it
> is multiple of 2 primes"

[AK] From Menezes, van Oorsc, Vanstone - Handbook of applied cryptography -
8.6 - Fact The problem of computing the RSA decryption exponent d from the public key (n, e),
and the problem of factoring n, are computationally equivalent.
Besides RSA supports multi-primes (product of more primes than two) which we currently don't.
Although yeah I could describe it bit clearer.
> 
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> Other than minor rephrasing requirement on commit log, change is
> Acked-by: Shally Verma <shallyv@marvell.com>
> 
> >  lib/librte_cryptodev/rte_crypto_asym.h | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> > b/lib/librte_cryptodev/rte_crypto_asym.h
> > index 8672f21..02ec304 100644
> > --- a/lib/librte_cryptodev/rte_crypto_asym.h
> > +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> > @@ -199,8 +199,8 @@ struct rte_crypto_rsa_priv_key_qt {
> >   */
> >  struct rte_crypto_rsa_xform {
> >  	rte_crypto_param n;
> > -	/**< n - Prime modulus
> > -	 * Prime modulus data of RSA operation in Octet-string network
> > +	/**< n - Modulus
> > +	 * Modulus data of RSA operation in Octet-string network
> >  	 * byte order format.
> >  	 */
> >
> > @@ -409,7 +409,7 @@ struct rte_crypto_rsa_op_param {
> >  	 * over-written with generated signature.
> >  	 *
> >  	 * Length of the signature data will be equal to the
> > -	 * RSA prime modulus length.
> > +	 * RSA modulus length.
> >  	 */
> >
> >  	enum rte_crypto_rsa_padding_type pad;
> > --
> > 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 04/11] test: add cipher field to RSA test

[Kusztal, ArkadiuszX]

> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Wednesday, July 17, 2019 10:27 AM
> To: 'Shally Verma' <shallyv@marvell.com>; dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [EXT] [PATCH v3 04/11] test: add cipher field to RSA test
> 
> 
> 
> > -----Original Message-----
> > From: Shally Verma [mailto:shallyv@marvell.com]
> > Sent: Wednesday, July 17, 2019 9:42 AM
> > To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> > Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>
> > Subject: RE: [EXT] [PATCH v3 04/11] test: add cipher field to RSA test
> >
> >
> >
> > > -----Original Message-----
> > > From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > Sent: Wednesday, July 17, 2019 12:23 AM
> > > To: dev@dpdk.org
> > > Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> > > <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > Subject: [EXT] [PATCH v3 04/11] test: add cipher field to RSA test
> > >
> > > External Email
> > >
> > > --------------------------------------------------------------------
> > > -- This patch adds cipher field to RSA test cases
> > >
> > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > ---
> > >  app/test/test_cryptodev_asym.c | 3 +++
> > >  1 file changed, 3 insertions(+)
> > >
> > > diff --git a/app/test/test_cryptodev_asym.c
> > > b/app/test/test_cryptodev_asym.c index 4dee164..8391545 100644
> > > --- a/app/test/test_cryptodev_asym.c
> > > +++ b/app/test/test_cryptodev_asym.c
> > > @@ -164,6 +164,7 @@ queue_ops_rsa_enc_dec(struct
> > > rte_cryptodev_asym_session *sess)
> > >  	uint8_t dev_id = ts_params->valid_devs[0];
> > >  	struct rte_crypto_op *op, *result_op;
> > >  	struct rte_crypto_asym_op *asym_op;
> > > +	uint8_t cipher_buf[TEST_DATA_SIZE] = {0};
> > >  	int ret, status = TEST_SUCCESS;
> > >
> > >  	/* Set up crypto op data structure */ @@ -180,6 +181,8 @@
> > > queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
> > >  	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
> > >
> > >  	asym_op->rsa.message.data = rsaplaintext.data;
> > > +	asym_op->rsa.cipher.data = cipher_buf;
> > > +	asym_op->rsa.cipher.length = 0;
> > [Shally] I think this should be initialized to length of buffer
> > available i.e. RSA Key size? PMD can override it with length of actual
> > data written at output, which has to be less than , equal to RSA_key size.
> [AK] - its because API comments are ambiguous in this case and we have only
> one field describing array length.
> I would suggest to rephrase cipher field API comments from "length in bytes
> 	 * of this field needs to be greater or equal to the length of
> 	 * corresponding RSA key in bytes"
> To "underlying array should have allocated enough memory to hold cipher
> output (bigger or equal to RSA key size". Then length could and I think should
> be zero or unspecified at this point.
> What do you think?

[AK2] Something like that:
	 * When RTE_CRYPTO_ASYM_OP_ENCRYPT op_type used underlying array
	 * should have been allocated with enough memory to hold cipher
	 * output (bigger or equal to RSA key size).
The same for message field.
> >
> > >  	asym_op->rsa.message.length = rsaplaintext.len;
> > >  	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
> > >
> > > --
> > > 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 05/11] cryptodev: add information about message format when signing with RSA

[Shally Verma]

> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 17, 2019 12:23 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v3 05/11] cryptodev: add information about message
> format when signing with RSA
> 
> External Email
> 
> ----------------------------------------------------------------------
> This patch adds information about format of the message should have
> before sending it to the signing operation when using RSA algorithm.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/librte_cryptodev/rte_crypto_asym.h | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> b/lib/librte_cryptodev/rte_crypto_asym.h
> index 16c86c9..ad484de 100644
> --- a/lib/librte_cryptodev/rte_crypto_asym.h
> +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> @@ -408,6 +408,15 @@ struct rte_crypto_rsa_op_param {
>  	 * When RTE_CRYPTO_ASYM_OP_DECRYPT op_type used length in
> bytes
>  	 * of this field needs to be greater or equal to the length of
>  	 * corresponding RSA key in bytes.
> +	 *
> +	 * When RTE_CRYPTO_ASYM_OP_SIGN op_type used and following
> padding
> +	 * type:
> +	 * - padding PKCS1_5:
> +	 * data provided should contain `algorithmIdentifier` in DER encoded
> +	 * format concatenated with message digest (as per spec rfc8017 9.2)
[Shally] I have reservations here and I think I asked this before too. For PKCSV1.5, Currently there it only support output format as defined RSASP1 section 5.2.1 . Means
PMD does not apply EMSA-PKCS1-v1_5-ENCODE (M, emLen) defined in rfc8017 Sec 9.2 which includes applying hash on input message and other things. So, 
Are we extending spec here ?

> +	 * - padding PSS
> +	 * data provided should contain message digest of the message
> +	 * to be signed
>  	 */
> 
> 
> --
> 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 06/11] cryptodev: remove RSA PKCS1 BT0 padding

[Shally Verma]

> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 17, 2019 12:23 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v3 06/11] cryptodev: remove RSA PKCS1 BT0 padding
> 
> External Email
> 
> ----------------------------------------------------------------------
> BT0 block type padding after rfc2313 has been discontinued.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>

> ---
>  lib/librte_cryptodev/rte_crypto_asym.h | 14 +++-----------
>  1 file changed, 3 insertions(+), 11 deletions(-)
> 
> diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> b/lib/librte_cryptodev/rte_crypto_asym.h
> index ad484de..5026042 100644
> --- a/lib/librte_cryptodev/rte_crypto_asym.h
> +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> @@ -112,17 +112,9 @@ enum rte_crypto_asym_op_type {  enum
> rte_crypto_rsa_padding_type {
>  	RTE_CRYPTO_RSA_PADDING_NONE = 0,
>  	/**< RSA no padding scheme */
> -	RTE_CRYPTO_RSA_PKCS1_V1_5_BT0,
> -	/**< RSA PKCS#1 V1.5 Block Type 0 padding scheme
> -	 * as described in rfc2313
> -	 */
> -	RTE_CRYPTO_RSA_PKCS1_V1_5_BT1,
> -	/**< RSA PKCS#1 V1.5 Block Type 01 padding scheme
> -	 * as described in rfc2313
> -	 */
> -	RTE_CRYPTO_RSA_PKCS1_V1_5_BT2,
> -	/**< RSA PKCS#1 V1.5 Block Type 02 padding scheme
> -	 * as described in rfc2313
> +	RTE_CRYPTO_RSA_PADDING_PKCS1_5,
> +	/**< RSA PKCS#1 PKCS1-v1_5 padding scheme. For signatures block
> type 01,
> +	 * for encryption block type 02 are used.
>  	 */
>  	RTE_CRYPTO_RSA_PADDING_OAEP,
>  	/**< RSA PKCS#1 OAEP padding scheme */
> --
> 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 08/11] test: remove RSA PKCS1_5 BT0 padding from test cases

[Shally Verma]

> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 17, 2019 12:23 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v3 08/11] test: remove RSA PKCS1_5 BT0 padding from
> test cases
> 
> External Email
> 
> ----------------------------------------------------------------------
> This patch removes RSA PKCS1_5 BT0 padding from test cases
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by : Shally Verma <shallyv@marvell.com>

> ---
>  app/test/test_cryptodev_asym.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/app/test/test_cryptodev_asym.c
> b/app/test/test_cryptodev_asym.c index 8391545..0e1277b 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -93,7 +93,7 @@ queue_ops_rsa_sign_verify(struct
> rte_cryptodev_asym_session *sess)
>  	asym_op->rsa.message.data = rsaplaintext.data;
>  	asym_op->rsa.message.length = rsaplaintext.len;
>  	asym_op->rsa.sign.data = output_buf;
> -	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
> +	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
> 
>  	debug_hexdump(stdout, "message", asym_op->rsa.message.data,
>  		      asym_op->rsa.message.length);
> @@ -125,7 +125,7 @@ queue_ops_rsa_sign_verify(struct
> rte_cryptodev_asym_session *sess)
> 
>  	/* Verify sign */
>  	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
> -	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
> +	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
> 
>  	/* Process crypto operation */
>  	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -
> 184,7 +184,7 @@ queue_ops_rsa_enc_dec(struct
> rte_cryptodev_asym_session *sess)
>  	asym_op->rsa.cipher.data = cipher_buf;
>  	asym_op->rsa.cipher.length = 0;
>  	asym_op->rsa.message.length = rsaplaintext.len;
> -	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
> +	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
> 
>  	debug_hexdump(stdout, "message", asym_op->rsa.message.data,
>  		      asym_op->rsa.message.length);
> @@ -215,7 +215,7 @@ queue_ops_rsa_enc_dec(struct
> rte_cryptodev_asym_session *sess)
>  	/* Use the resulted output as decryption Input vector*/
>  	asym_op = result_op->asym;
>  	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
> -	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
> +	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
> 
>  	/* Process crypto operation */
>  	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
> --
> 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 09/11] cryptodev: add RSA padding none description

[Shally Verma]

> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 17, 2019 12:23 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v3 09/11] cryptodev: add RSA padding none
> description
> 
> External Email
> 
> ----------------------------------------------------------------------
> This patch adds RSA padding none description.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/librte_cryptodev/rte_crypto_asym.h | 10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> b/lib/librte_cryptodev/rte_crypto_asym.h
> index 5026042..7f630f0 100644
> --- a/lib/librte_cryptodev/rte_crypto_asym.h
> +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> @@ -90,7 +90,10 @@ enum rte_crypto_asym_xform_type {
>   */
>  enum rte_crypto_asym_op_type {
>  	RTE_CRYPTO_ASYM_OP_ENCRYPT,
> -	/**< Asymmetric Encrypt operation */
> +	/**< RSA no padding scheme.
> +	 * In this case user is responsible for provision and verification
> +	 * of padding.
> +	 */
>  	RTE_CRYPTO_ASYM_OP_DECRYPT,
>  	/**< Asymmetric Decrypt operation */
>  	RTE_CRYPTO_ASYM_OP_SIGN,
> @@ -409,6 +412,11 @@ struct rte_crypto_rsa_op_param {
>  	 * - padding PSS
>  	 * data provided should contain message digest of the message
>  	 * to be signed
> +	 *
> +	 * When padding field is set to RTE_CRYPTO_RSA_PADDING_NONE
> +	 * and RTE_CRYPTO_ASYM_OP_DECRYPT op_type used returned
> data size
> +	 * will be equal to the size of RSA key in bytes. All leading
> +	 * zeroes will be preserved.
[Shally] its bit unclear here. So, app is supposed to pass buffer with padding removed or padding intact? Are leading 0's padding bytes?
If so, I believe app can use any kind of padding, BT2 or OAEP so it does not have to be necessarily 0. Or
May be I am missing some info here. Could you point me to source which says, for padding none, data will always be padded with leading 0s?

>  	 */
> 
> 
> --
> 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 07/11] openssl: remove RSA PKCS1_5 BT0 padding

[Shally Verma]

> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 17, 2019 12:23 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v3 07/11] openssl: remove RSA PKCS1_5 BT0 padding
> 
> External Email
> 
> ----------------------------------------------------------------------
> This patch removes RSA PKCS1_5 BT0 padding from openssl PMD.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Shally Verma <shallyv@marvell.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index 71ae320..2f55528 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1848,9 +1848,7 @@ process_openssl_rsa_op(struct rte_crypto_op
> *cop,
>  	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
> 
>  	switch (pad) {
> -	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0:
> -	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1:
> -	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2:
> +	case RTE_CRYPTO_RSA_PADDING_PKCS1_5:
>  		pad = RSA_PKCS1_PADDING;
>  		break;
>  	case RTE_CRYPTO_RSA_PADDING_NONE:
> --
> 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 10/11] test: add pkcs1_5 padding simulation

[Shally Verma]

> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 17, 2019 12:23 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v3 10/11] test: add pkcs1_5 padding simulation
> 
> External Email
> 
> ----------------------------------------------------------------------
> This patch adds function to simulate pkcs1_5 padding, it serves nothing else
> than example. It provides no security and should not be used in security
> context.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
[Shally] Sorry did not get context of this test. Is it to describe PADDING_NONE?

>  app/test/test_cryptodev_asym_util.h | 54
> +++++++++++++++++++++++++++++++++++++
>  1 file changed, 54 insertions(+)
> 
> diff --git a/app/test/test_cryptodev_asym_util.h
> b/app/test/test_cryptodev_asym_util.h
> index b3d9fb4..f984166 100644
> --- a/app/test/test_cryptodev_asym_util.h
> +++ b/app/test/test_cryptodev_asym_util.h
> @@ -1,10 +1,64 @@
>  /* SPDX-License-Identifier: BSD-3-Clause
>   * Copyright(c) 2018 Cavium Networks
> + * Copyright (c) 2019 Intel Corporation
>   */
> 
>  #ifndef TEST_CRYPTODEV_ASYM_TEST_UTIL_H__  #define
> TEST_CRYPTODEV_ASYM_TEST_UTIL_H__
> 
> +/*
> + * Two functions below simulate pkcs 1.5 padding and serves only as an
> +example,
> + * both offer no security.
> + */
> +static inline int rsa_simulate_pkcs1_5_padding(int op, uint8_t *p,
> +		int key_size, const uint8_t *src, int len) {
> +
> +	int ps_len;
> +
> +	if (len > key_size - 11)
> +		return -1;
> +	ps_len = key_size - len - 3;
> +
> +	*(p++) = 0;
> +	*(p++) = op ? 1 : 2;
> +	if (op) {
> +		while (ps_len--)
> +			*(p++) = 0xFF;
> +	} else {
> +		while (ps_len--) {
> +			*p = (uint8_t)rand();
> +			*p ^= !(*p);
> +			p++;
> +		}
> +	}
> +
> +	*(p++) = 0;
> +	memcpy(p, src, len);
> +
> +	return 0;
> +}
> +
> +static inline int rsa_simulate_strip_pkcs1_5_padding(uint8_t *src,
> +		int key_size) {
> +	uint8_t tmp[key_size], *orig_src = src;
> +	int i = 1;
> +	++src;
> +	while (*(src) && i < key_size) {
> +		++i;
> +		++src;
> +	}
> +	if (i == key_size)
> +		return -1;
> +
> +	++i;
> +	++src;
> +
> +	memcpy(tmp, src, key_size - i);
> +	memcpy(orig_src, tmp, key_size - i);
> +	return key_size - i;
> +}
> +
> +
>  /* Below Apis compare resulted buffer to original test vector */
> 
>  static inline int rsa_verify(struct rsa_test_data *rsa_param,
> --
> 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 05/11] cryptodev: add information about message format when signing with RSA

[Kusztal, ArkadiuszX]

> -----Original Message-----
> From: Shally Verma [mailto:shallyv@marvell.com]
> Sent: Wednesday, July 17, 2019 12:08 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [EXT] [PATCH v3 05/11] cryptodev: add information about
> message format when signing with RSA
> 
> 
> 
> > -----Original Message-----
> > From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > Sent: Wednesday, July 17, 2019 12:23 AM
> > To: dev@dpdk.org
> > Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> > <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > Subject: [EXT] [PATCH v3 05/11] cryptodev: add information about
> > message format when signing with RSA
> >
> > External Email
> >
> > ----------------------------------------------------------------------
> > This patch adds information about format of the message should have
> > before sending it to the signing operation when using RSA algorithm.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  lib/librte_cryptodev/rte_crypto_asym.h | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> > b/lib/librte_cryptodev/rte_crypto_asym.h
> > index 16c86c9..ad484de 100644
> > --- a/lib/librte_cryptodev/rte_crypto_asym.h
> > +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> > @@ -408,6 +408,15 @@ struct rte_crypto_rsa_op_param {
> >  	 * When RTE_CRYPTO_ASYM_OP_DECRYPT op_type used length in
> bytes
> >  	 * of this field needs to be greater or equal to the length of
> >  	 * corresponding RSA key in bytes.
> > +	 *
> > +	 * When RTE_CRYPTO_ASYM_OP_SIGN op_type used and following
> > padding
> > +	 * type:
> > +	 * - padding PKCS1_5:
> > +	 * data provided should contain `algorithmIdentifier` in DER encoded
> > +	 * format concatenated with message digest (as per spec rfc8017 9.2)
> [Shally] I have reservations here and I think I asked this before too. For
> PKCSV1.5, Currently there it only support output format as defined RSASP1
> section 5.2.1 . Means PMD does not apply EMSA-PKCS1-v1_5-ENCODE (M,
> emLen) defined in rfc8017 Sec 9.2 which includes applying hash on input
> message and other things. So, Are we extending spec here ?

1) It is to the contrary what we have in only test case we got for RSA signature, as we set padding:
	asym_op->rsa.sign.data = output_buf;
	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
But current openssl pmd implementation does not create digest nor adds DER. So user needs to pass it.

It can be only RSASP1 but only with PADDING_NONE selected, and in this case full padding would have to be provided.


2) We cannot extend as we do not specify really in here, there is no information what data format user should provide.


> 
> > +	 * - padding PSS
> > +	 * data provided should contain message digest of the message
> > +	 * to be signed
> >  	 */
> >
> >
> > --
> > 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 10/11] test: add pkcs1_5 padding simulation

[Kusztal, ArkadiuszX]

> -----Original Message-----
> From: Shally Verma [mailto:shallyv@marvell.com]
> Sent: Wednesday, July 17, 2019 12:23 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [EXT] [PATCH v3 10/11] test: add pkcs1_5 padding simulation
> 
> 
> 
> > -----Original Message-----
> > From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > Sent: Wednesday, July 17, 2019 12:23 AM
> > To: dev@dpdk.org
> > Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> > <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > Subject: [EXT] [PATCH v3 10/11] test: add pkcs1_5 padding simulation
> >
> > External Email
> >
> > ----------------------------------------------------------------------
> > This patch adds function to simulate pkcs1_5 padding, it serves
> > nothing else than example. It provides no security and should not be
> > used in security context.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> [Shally] Sorry did not get context of this test. Is it to describe
> PADDING_NONE?
Yes, it helps to show workflow of PADDING_NONE case selected.

> 
> >  app/test/test_cryptodev_asym_util.h | 54
> > +++++++++++++++++++++++++++++++++++++
> >  1 file changed, 54 insertions(+)
> >
> > diff --git a/app/test/test_cryptodev_asym_util.h
> > b/app/test/test_cryptodev_asym_util.h
> > index b3d9fb4..f984166 100644
> > --- a/app/test/test_cryptodev_asym_util.h
> > +++ b/app/test/test_cryptodev_asym_util.h
> > @@ -1,10 +1,64 @@
> >  /* SPDX-License-Identifier: BSD-3-Clause
> >   * Copyright(c) 2018 Cavium Networks
> > + * Copyright (c) 2019 Intel Corporation
> >   */
> >
> >  #ifndef TEST_CRYPTODEV_ASYM_TEST_UTIL_H__  #define
> > TEST_CRYPTODEV_ASYM_TEST_UTIL_H__
> >
> > +/*
> > + * Two functions below simulate pkcs 1.5 padding and serves only as
> > +an example,
> > + * both offer no security.
> > + */
> > +static inline int rsa_simulate_pkcs1_5_padding(int op, uint8_t *p,
> > +		int key_size, const uint8_t *src, int len) {
> > +
> > +	int ps_len;
> > +
> > +	if (len > key_size - 11)
> > +		return -1;
> > +	ps_len = key_size - len - 3;
> > +
> > +	*(p++) = 0;
> > +	*(p++) = op ? 1 : 2;
> > +	if (op) {
> > +		while (ps_len--)
> > +			*(p++) = 0xFF;
> > +	} else {
> > +		while (ps_len--) {
> > +			*p = (uint8_t)rand();
> > +			*p ^= !(*p);
> > +			p++;
> > +		}
> > +	}
> > +
> > +	*(p++) = 0;
> > +	memcpy(p, src, len);
> > +
> > +	return 0;
> > +}
> > +
> > +static inline int rsa_simulate_strip_pkcs1_5_padding(uint8_t *src,
> > +		int key_size) {
> > +	uint8_t tmp[key_size], *orig_src = src;
> > +	int i = 1;
> > +	++src;
> > +	while (*(src) && i < key_size) {
> > +		++i;
> > +		++src;
> > +	}
> > +	if (i == key_size)
> > +		return -1;
> > +
> > +	++i;
> > +	++src;
> > +
> > +	memcpy(tmp, src, key_size - i);
> > +	memcpy(orig_src, tmp, key_size - i);
> > +	return key_size - i;
> > +}
> > +
> > +
> >  /* Below Apis compare resulted buffer to original test vector */
> >
> >  static inline int rsa_verify(struct rsa_test_data *rsa_param,
> > --
> > 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 09/11] cryptodev: add RSA padding none description

[Kusztal, ArkadiuszX]

> -----Original Message-----
> From: Shally Verma [mailto:shallyv@marvell.com]
> Sent: Wednesday, July 17, 2019 12:18 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [EXT] [PATCH v3 09/11] cryptodev: add RSA padding none
> description
> 
> 
> 
> > -----Original Message-----
> > From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > Sent: Wednesday, July 17, 2019 12:23 AM
> > To: dev@dpdk.org
> > Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> > <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > Subject: [EXT] [PATCH v3 09/11] cryptodev: add RSA padding none
> > description
> >
> > External Email
> >
> > ----------------------------------------------------------------------
> > This patch adds RSA padding none description.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  lib/librte_cryptodev/rte_crypto_asym.h | 10 +++++++++-
> >  1 file changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> > b/lib/librte_cryptodev/rte_crypto_asym.h
> > index 5026042..7f630f0 100644
> > --- a/lib/librte_cryptodev/rte_crypto_asym.h
> > +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> > @@ -90,7 +90,10 @@ enum rte_crypto_asym_xform_type {
> >   */
> >  enum rte_crypto_asym_op_type {
> >  	RTE_CRYPTO_ASYM_OP_ENCRYPT,
> > -	/**< Asymmetric Encrypt operation */
> > +	/**< RSA no padding scheme.
> > +	 * In this case user is responsible for provision and verification
> > +	 * of padding.
> > +	 */
> >  	RTE_CRYPTO_ASYM_OP_DECRYPT,
> >  	/**< Asymmetric Decrypt operation */
> >  	RTE_CRYPTO_ASYM_OP_SIGN,
> > @@ -409,6 +412,11 @@ struct rte_crypto_rsa_op_param {
> >  	 * - padding PSS
> >  	 * data provided should contain message digest of the message
> >  	 * to be signed
> > +	 *
> > +	 * When padding field is set to RTE_CRYPTO_RSA_PADDING_NONE
> > +	 * and RTE_CRYPTO_ASYM_OP_DECRYPT op_type used returned
> > data size
> > +	 * will be equal to the size of RSA key in bytes. All leading
> > +	 * zeroes will be preserved.
> [Shally] its bit unclear here. So, app is supposed to pass buffer with padding
> removed or padding intact? Are leading 0's padding bytes?
> If so, I believe app can use any kind of padding, BT2 or OAEP so it does not
> have to be necessarily 0. Or May be I am missing some info here. Could you
> point me to source which says, for padding none, data will always be padded
> with leading 0s?
> 
OEAP, PKCS1_5 have leading zero.
Example:
We decrypt message that was encrypted using pkcs1_5 padding but we use PADDING_NONE (let say pmd does not support others). We decrypted P = (0x0 | 0x02 | PS| 0x0 | Message) then user would use some padding check function  let say openssl RSA_padding_check_PKCS1_type_2. This function will fail if first byte (p[0]) is not equal to zero. So we cannot trim. Openssl behaves exactly this way so does our driver. It is only hint that zeroes should not be trimmed.

> >  	 */
> >
> >
> > --
> > 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 04/11] test: add cipher field to RSA test

[Shally Verma]

> -----Original Message-----
> From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Sent: Wednesday, July 17, 2019 3:12 PM
> To: Shally Verma <shallyv@marvell.com>; dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [EXT] [PATCH v3 04/11] test: add cipher field to RSA test
> 
> 
> 
> > -----Original Message-----
> > From: Kusztal, ArkadiuszX
> > Sent: Wednesday, July 17, 2019 10:27 AM
> > To: 'Shally Verma' <shallyv@marvell.com>; dev@dpdk.org
> > Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>
> > Subject: RE: [EXT] [PATCH v3 04/11] test: add cipher field to RSA test
> >
> >
> >
> > > -----Original Message-----
> > > From: Shally Verma [mailto:shallyv@marvell.com]
> > > Sent: Wednesday, July 17, 2019 9:42 AM
> > > To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> > > Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>
> > > Subject: RE: [EXT] [PATCH v3 04/11] test: add cipher field to RSA
> > > test
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > > Sent: Wednesday, July 17, 2019 12:23 AM
> > > > To: dev@dpdk.org
> > > > Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> > > > <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > > Subject: [EXT] [PATCH v3 04/11] test: add cipher field to RSA test
> > > >
> > > > External Email
> > > >
> > > > ------------------------------------------------------------------
> > > > --
> > > > -- This patch adds cipher field to RSA test cases
> > > >
> > > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > > ---
> > > >  app/test/test_cryptodev_asym.c | 3 +++
> > > >  1 file changed, 3 insertions(+)
> > > >
> > > > diff --git a/app/test/test_cryptodev_asym.c
> > > > b/app/test/test_cryptodev_asym.c index 4dee164..8391545 100644
> > > > --- a/app/test/test_cryptodev_asym.c
> > > > +++ b/app/test/test_cryptodev_asym.c
> > > > @@ -164,6 +164,7 @@ queue_ops_rsa_enc_dec(struct
> > > > rte_cryptodev_asym_session *sess)
> > > >  	uint8_t dev_id = ts_params->valid_devs[0];
> > > >  	struct rte_crypto_op *op, *result_op;
> > > >  	struct rte_crypto_asym_op *asym_op;
> > > > +	uint8_t cipher_buf[TEST_DATA_SIZE] = {0};
> > > >  	int ret, status = TEST_SUCCESS;
> > > >
> > > >  	/* Set up crypto op data structure */ @@ -180,6 +181,8 @@
> > > > queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
> > > >  	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
> > > >
> > > >  	asym_op->rsa.message.data = rsaplaintext.data;
> > > > +	asym_op->rsa.cipher.data = cipher_buf;
> > > > +	asym_op->rsa.cipher.length = 0;
> > > [Shally] I think this should be initialized to length of buffer
> > > available i.e. RSA Key size? PMD can override it with length of
> > > actual data written at output, which has to be less than , equal to
> RSA_key size.
> > [AK] - its because API comments are ambiguous in this case and we have
> > only one field describing array length.
> > I would suggest to rephrase cipher field API comments from "length in
> bytes
> > 	 * of this field needs to be greater or equal to the length of
> > 	 * corresponding RSA key in bytes"
> > To "underlying array should have allocated enough memory to hold
> > cipher output (bigger or equal to RSA key size". Then length could and
> > I think should be zero or unspecified at this point.
> > What do you think?
> 
> [AK2] Something like that:
> 	 * When RTE_CRYPTO_ASYM_OP_ENCRYPT op_type used underlying
> array
> 	 * should have been allocated with enough memory to hold cipher
> 	 * output (bigger or equal to RSA key size).
> The same for message field.
[Shally] This description is okay. But still I would assume app to set length field of cipher buffer to actual allocated than 0. But I look forward to more feedback on this from others

> > >
> > > >  	asym_op->rsa.message.length = rsaplaintext.len;
> > > >  	asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
> > > >
> > > > --
> > > > 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 02/11] cryptodev: add cipher field to RSA op

[Kusztal, ArkadiuszX]

Hi Shally,
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  lib/librte_cryptodev/rte_crypto_asym.h | 26
> > +++++++++++++++++++++++++-
> >  1 file changed, 25 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> > b/lib/librte_cryptodev/rte_crypto_asym.h
> > index 02ec304..16c86c9 100644
> > --- a/lib/librte_cryptodev/rte_crypto_asym.h
> > +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> > @@ -397,9 +397,33 @@ struct rte_crypto_rsa_op_param {
> >  	/**<
> >  	 * Pointer to data
> >  	 * - to be encrypted for RSA public encrypt.
> > -	 * - to be decrypted for RSA private decrypt.
> >  	 * - to be signed for RSA sign generation.
> >  	 * - to be authenticated for RSA sign verification.
> > +	 *
> > +	 * Octet-string network byte order format.
> > +	 *
> > +	 * This field is an input to RTE_CRYPTO_ASYM_OP_ENCRYPT
> > +	 * operation, and output to RTE_CRYPTO_ASYM_OP_DECRYPT
> > operation.
> > +	 *
> > +	 * When RTE_CRYPTO_ASYM_OP_DECRYPT op_type used length in
> > bytes
> > +	 * of this field needs to be greater or equal to the length of
> > +	 * corresponding RSA key in bytes.
> > +	 */
> [Shally] this overall look repetitive here. Since now this buffer is both input
> and output depending on op_type.
> How about , if we just change description to:
> Pointer to plaintext buffer. This buffer is input to
> RSA_CRYPTO_ASYM_OP_TYPE_ENCRYPT/ SIGN, VERIFY And Output to
> RTE_CRYPTO_ASYM_OP_TYPE_DECRYPT
[AK] - I have missed this mail. You right, but instead of sending v5 just for that I could change this in future patches?
> 
> > +
> > +
> > +	rte_crypto_param cipher;
> > +	/**<
> > +	 * Pointer to data
> > +	 * - to be decrypted for RSA private decrypt.
> > +	 *
> > +	 * Octet-string network byte order format.
> > +	 *
> > +	 * This field is an input to RTE_CRYPTO_ASYM_OP_DECRYPT
> > +	 * operation, and output to RTE_CRYPTO_ASYM_OP_ENCRYPT
> > operation.
> > +	 *
> > +	 * When RTE_CRYPTO_ASYM_OP_ENCRYPT op_type used length in
> > bytes
> > +	 * of this field needs to be greater or equal to the length of
> > +	 * corresponding RSA key in bytes.
> >  	 */
> [Shally] So is my suggestion here. Change to like "Pointer to Ciphetext buffer
> ..."
> 
> >
> >  	rte_crypto_param sign;
> > --
> > 2.1.0

Re: [dpdk-dev] [EXT] [PATCH v3 04/11] test: add cipher field to RSA test

[Trahe, Fiona]

Hi Shally, Arek,

> > > >
> > > > > -----Original Message-----
> > > > > From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > > > Sent: Wednesday, July 17, 2019 12:23 AM
> > > > > To: dev@dpdk.org
> > > > > Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> > > > > <shallyv@marvell.com>; Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > > > Subject: [EXT] [PATCH v3 04/11] test: add cipher field to RSA test
> > > > >
> > > > > External Email
> > > > >
> > > > > ------------------------------------------------------------------
> > > > > --
> > > > > -- This patch adds cipher field to RSA test cases
> > > > >
> > > > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > > > ---
> > > > >  app/test/test_cryptodev_asym.c | 3 +++
> > > > >  1 file changed, 3 insertions(+)
> > > > >
> > > > > diff --git a/app/test/test_cryptodev_asym.c
> > > > > b/app/test/test_cryptodev_asym.c index 4dee164..8391545 100644
> > > > > --- a/app/test/test_cryptodev_asym.c
> > > > > +++ b/app/test/test_cryptodev_asym.c
> > > > > @@ -164,6 +164,7 @@ queue_ops_rsa_enc_dec(struct
> > > > > rte_cryptodev_asym_session *sess)
> > > > >  	uint8_t dev_id = ts_params->valid_devs[0];
> > > > >  	struct rte_crypto_op *op, *result_op;
> > > > >  	struct rte_crypto_asym_op *asym_op;
> > > > > +	uint8_t cipher_buf[TEST_DATA_SIZE] = {0};
> > > > >  	int ret, status = TEST_SUCCESS;
> > > > >
> > > > >  	/* Set up crypto op data structure */ @@ -180,6 +181,8 @@
> > > > > queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
> > > > >  	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
> > > > >
> > > > >  	asym_op->rsa.message.data = rsaplaintext.data;
> > > > > +	asym_op->rsa.cipher.data = cipher_buf;
> > > > > +	asym_op->rsa.cipher.length = 0;
> > > > [Shally] I think this should be initialized to length of buffer
> > > > available i.e. RSA Key size? PMD can override it with length of
> > > > actual data written at output, which has to be less than , equal to
> > RSA_key size.
> > > [AK] - its because API comments are ambiguous in this case and we have
> > > only one field describing array length.
> > > I would suggest to rephrase cipher field API comments from "length in
> > bytes
> > > 	 * of this field needs to be greater or equal to the length of
> > > 	 * corresponding RSA key in bytes"
> > > To "underlying array should have allocated enough memory to hold
> > > cipher output (bigger or equal to RSA key size". Then length could and
> > > I think should be zero or unspecified at this point.
> > > What do you think?
> >
> > [AK2] Something like that:
> > 	 * When RTE_CRYPTO_ASYM_OP_ENCRYPT op_type used underlying
> > array
> > 	 * should have been allocated with enough memory to hold cipher
> > 	 * output (bigger or equal to RSA key size).
> > The same for message field.
> [Shally] This description is okay. But still I would assume app to set length field of cipher buffer to actual
> allocated than 0. But I look forward to more feedback on this from others
[Fiona] I think the important thing is to be clear on when it's an input field and when an output and what the appl or PMD does in each case.
So my understanding is in ENCRYPT case it's an output field and DECRYPT it's an input.
SO how about - combining this with the changes already suggested to avoid repetition in patch 2:
Comment under rte_crypto_rsa_op_param.message:
Pointer to input data
 	 * - to be encrypted for RSA public encrypt.
 	 * - to be signed for RSA sign generation.
 	 * - to be authenticated for RSA sign verification.
Pointer to output data
               * - for RSA private decrypt.
                     In this case the underlying array should have been allocated with
                     enough memory to hold plaintext output (i.e. must be at least RSA key size).
                     The message.length field should be 0 and will be overwritten by the PMD
                     with the decrypted length.
All data is in Octet-string network byte order format.

Note 1: If API allows a length on decrypt, then what would the PMD use it for? Would it have to handle the case where it's less than key-size? In which case the appl is breaking the API and ignoring the previous comment. Or more than key-size - what does the PMD care - it just needs key-size. IF there was a case where PMD could produce more than keysize and would need to know if the buffer is big enough then we should allow this and say it's both an input (buffer-len) and an output (decrypted-message-len). But I don't think there's such a case. 

Note 2 : it's good practice for apps to zero all fields in all API structs, except those explicitly set, to allow for future API extensions without ABI breakage.

Comment under rte_crypto_rsa_op_param.cipher:
Pointer to input data
 	 * - to be decrypted for RSA private decrypt.
 	 
Pointer to output data
               * - for RSA public encrypt.
                     In this case the underlying array should have been allocated with
                     enough memory to hold ciphertext output (i.e. must be at least RSA key size).
                     The message.length field should be 0 and will be overwritten by the PMD
                     with the encrypted length.
All data is in Octet-string network byte order format.

@Shally - does above make sense?
If so we can update patches 2, 3 and 4 based on above.

Re: [dpdk-dev] [EXT] [PATCH v3 04/11] test: add cipher field to RSA test

[Shally Verma]

...

 
> Comment under rte_crypto_rsa_op_param.cipher:
> Pointer to input data
>  	 * - to be decrypted for RSA private decrypt.
> 
> Pointer to output data
>                * - for RSA public encrypt.
>                      In this case the underlying array should have been allocated with
>                      enough memory to hold ciphertext output (i.e. must be at least
> RSA key size).
>                      The message.length field should be 0 and will be overwritten by
> the PMD
>                      with the encrypted length.
> All data is in Octet-string network byte order format.
> 
> @Shally - does above make sense?
> If so we can update patches 2, 3 and 4 based on above.
I see latest patch from Arek has this description. I'll respond on that.

Thanks
Shally