* [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto
@ 2019-07-18 16:09 Arek Kusztal
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 1/7] cryptodev: change RSA API comments about primes Arek Kusztal
` (7 more replies)
0 siblings, 8 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal
Removed patches that were not acked by Shally.
So open things:
1. Creating padding struct.
2. Padding parameters (seedlen, optional label etc).
3. Leading zeroes questions.
4. Random number requirements.
5. Capabilities.
6. Verify signature field when none padding.
7. Padding none.
8. Signature input format.
Arek Kusztal (7):
cryptodev: change RSA API comments about primes
cryptodev: add cipher field to RSA op
crypto/openssl: add cipher field to openssl RSA implementation
test: add cipher field to RSA test
cryptodev: remove RSA PKCS1 BT0 padding
openssl: remove RSA PKCS1_5 BT0 padding
test: remove RSA PKCS1_5 BT0 padding from test cases
app/test/test_cryptodev_asym.c | 13 ++++---
drivers/crypto/openssl/rte_openssl_pmd.c | 12 +++----
lib/librte_cryptodev/rte_crypto_asym.h | 61 +++++++++++++++++++++-----------
3 files changed, 55 insertions(+), 31 deletions(-)
--
2.1.0
* [dpdk-dev] [PATCH v5 1/7] cryptodev: change RSA API comments about primes
2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 2/7] cryptodev: add cipher field to RSA op Arek Kusztal
` (6 subsequent siblings)
7 siblings, 0 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal
RSA modulus cannot be prime as its security depends on the problem
of integer factorization.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
lib/librte_cryptodev/rte_crypto_asym.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index 8672f21..02ec304 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -199,8 +199,8 @@ struct rte_crypto_rsa_priv_key_qt {
*/
struct rte_crypto_rsa_xform {
rte_crypto_param n;
- /**< n - Prime modulus
- * Prime modulus data of RSA operation in Octet-string network
+ /**< n - Modulus
+ * Modulus data of RSA operation in Octet-string network
* byte order format.
*/
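Review bot: The reworded comment on n still does not say what the modulus is. Since the commit message rests on n being composite, the field comment could state that directly, for example "n - Modulus (product of the two RSA primes)".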
@@ -409,7 +409,7 @@ struct rte_crypto_rsa_op_param {
* over-written with generated signature.
*
* Length of the signature data will be equal to the
- * RSA prime modulus length.
+ * RSA modulus length.
*/
enum rte_crypto_rsa_padding_type pad;
--
2.1.0
* [dpdk-dev] [PATCH v5 2/7] cryptodev: add cipher field to RSA op
2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 1/7] cryptodev: change RSA API comments about primes Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
2019-07-19 4:42 ` [dpdk-dev] [EXT] " Shally Verma
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 3/7] crypto/openssl: add cipher field to openssl RSA implementation Arek Kusztal
` (5 subsequent siblings)
7 siblings, 1 reply; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal
Asymmetric nature of RSA algorithm suggests using an
additional field for output. In place operations
still can be done by setting cipher and message pointers
with the same memory address.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
lib/librte_cryptodev/rte_crypto_asym.h | 43 ++++++++++++++++++++++++++++------
1 file changed, 36 insertions(+), 7 deletions(-)
diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index 02ec304..1d4ec80 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -395,21 +395,50 @@ struct rte_crypto_rsa_op_param {
rte_crypto_param message;
/**<
- * Pointer to data
+ * Pointer to input data
* - to be encrypted for RSA public encrypt.
- * - to be decrypted for RSA private decrypt.
* - to be signed for RSA sign generation.
* - to be authenticated for RSA sign verification.
+ *
+ * Pointer to output data
+ * - for RSA private decrypt.
+ * In this case the underlying array should have been
+ * allocated with enough memory to hold plaintext output
+ * (i.e. must be at least RSA key size). The message.length
+ * field should be 0 and will be overwritten by the PMD
+ * with the decrypted length.
+ *
+ * All data is in Octet-string network byte order format.
+ */
+
+ rte_crypto_param cipher;
+ /**<
+ * Pointer to input data
+ * - to be decrypted for RSA private decrypt.
+ *
+ * Pointer to output data
+ * - for RSA public encrypt.
+ * In this case the underlying array should have been allocated
+ * with enough memory to hold ciphertext output (i.e. must be
+ * at least RSA key size). The cipher.length field should
+ * be 0 and will be overwritten by the PMD with the encrypted length.
+ *
+ * All data is in Octet-string network byte order format.
*/
rte_crypto_param sign;
/**<
- * Pointer to RSA signature data. If operation is RSA
- * sign @ref RTE_CRYPTO_ASYM_OP_SIGN, buffer will be
- * over-written with generated signature.
+ * Pointer to input data
+ * - to be verified for RSA public decrypt.
+ *
+ * Pointer to output data
+ * - for RSA private encrypt.
+ * In this case the underlying array should have been allocated
+ * with enough memory to hold signature output (i.e. must be
+ * at least RSA key size). The sign.length field should
+ * be 0 and will be overwritten by the PMD with the signature length.
*
- * Length of the signature data will be equal to the
- * RSA modulus length.
+ * All data is in Octet-string network byte order format.
*/
enum rte_crypto_rsa_padding_type pad;
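Review bot: The output-buffer rule in the message, cipher and sign comments cannot be checked by a PMD: each says the array "must be at least RSA key size" while the matching length field is 0 on input, so the driver is never told the capacity and writes into whatever the application allocated. Consider documenting length as the buffer capacity on input (overwritten with the produced length on output), or at minimum state the requirement as the modulus length in bytes, since "RSA key size" is ambiguous between bits and bytes.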
--
2.1.0
* [dpdk-dev] [PATCH v5 3/7] crypto/openssl: add cipher field to openssl RSA implementation
2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 1/7] cryptodev: change RSA API comments about primes Arek Kusztal
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 2/7] cryptodev: add cipher field to RSA op Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 4/7] test: add cipher field to RSA test Arek Kusztal
` (4 subsequent siblings)
7 siblings, 0 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal
This commit adds cipher field to openssl pmd to conform to
API change.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 7c8bf0d..71ae320 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1867,19 +1867,19 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
case RTE_CRYPTO_ASYM_OP_ENCRYPT:
ret = RSA_public_encrypt(op->rsa.message.length,
op->rsa.message.data,
- op->rsa.message.data,
+ op->rsa.cipher.data,
rsa,
pad);
if (ret > 0)
- op->rsa.message.length = ret;
+ op->rsa.cipher.length = ret;
OPENSSL_LOG(DEBUG,
"length of encrypted text %d\n", ret);
break;
case RTE_CRYPTO_ASYM_OP_DECRYPT:
- ret = RSA_private_decrypt(op->rsa.message.length,
- op->rsa.message.data,
+ ret = RSA_private_decrypt(op->rsa.cipher.length,
+ op->rsa.cipher.data,
op->rsa.message.data,
rsa,
pad);
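Review bot: Neither call in the ENCRYPT and DECRYPT cases checks the destination before OpenSSL writes to it. RSA_public_encrypt() writes RSA_size(rsa) bytes to op->rsa.cipher.data, and with cipher.length defined as 0 on input there is nothing here to compare against, so an undersized application buffer is overrun. Also, when ret <= 0 in the ENCRYPT case cipher.length is left at the caller's value and only a DEBUG line is emitted; please confirm the op status is set to an error for that path.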
--
2.1.0
* [dpdk-dev] [PATCH v5 4/7] test: add cipher field to RSA test
2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
` (2 preceding siblings ...)
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 3/7] crypto/openssl: add cipher field to openssl RSA implementation Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 5/7] cryptodev: remove RSA PKCS1 BT0 padding Arek Kusztal
` (3 subsequent siblings)
7 siblings, 0 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal
This patch adds cipher field to RSA test cases
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test/test_cryptodev_asym.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 4dee164..97f3430 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -92,6 +92,7 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess)
asym_op->rsa.message.data = rsaplaintext.data;
asym_op->rsa.message.length = rsaplaintext.len;
+ asym_op->rsa.sign.length = 0;
asym_op->rsa.sign.data = output_buf;
asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
@@ -164,6 +165,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
uint8_t dev_id = ts_params->valid_devs[0];
struct rte_crypto_op *op, *result_op;
struct rte_crypto_asym_op *asym_op;
+ uint8_t cipher_buf[TEST_DATA_SIZE] = {0};
int ret, status = TEST_SUCCESS;
/* Set up crypto op data structure */
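Review bot: cipher_buf is sized by TEST_DATA_SIZE with nothing tying that constant to the key under test. The API comment in 2/7 requires the output array to be at least the RSA key size, so a check that TEST_DATA_SIZE is not smaller than the modulus length of the test key would keep a larger test vector from overflowing this stack array.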
@@ -180,6 +182,8 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
asym_op->rsa.message.data = rsaplaintext.data;
+ asym_op->rsa.cipher.data = cipher_buf;
+ asym_op->rsa.cipher.length = 0;
asym_op->rsa.message.length = rsaplaintext.len;
asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
@@ -211,6 +215,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
/* Use the resulted output as decryption Input vector*/
asym_op = result_op->asym;
+ asym_op->rsa.message.length = 0;
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
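Review bot: The DECRYPT setup resets message.length but, in the visible lines, leaves message.data pointing at rsaplaintext.data from the ENCRYPT setup. The PMD then writes the decrypted bytes over the reference plaintext, so a later comparison against rsaplaintext would compare the buffer with itself, and the buffer may be shorter than the key size the API comment requires for output. Pointing message.data at a separate output array before enqueueing the decrypt would avoid both.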
--
2.1.0
* [dpdk-dev] [PATCH v5 5/7] cryptodev: remove RSA PKCS1 BT0 padding
2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
` (3 preceding siblings ...)
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 4/7] test: add cipher field to RSA test Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 6/7] openssl: remove RSA PKCS1_5 " Arek Kusztal
` (2 subsequent siblings)
7 siblings, 0 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal
BT0 block type padding after rfc2313 has been discontinued.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
lib/librte_cryptodev/rte_crypto_asym.h | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h
index 1d4ec80..0442242 100644
--- a/lib/librte_cryptodev/rte_crypto_asym.h
+++ b/lib/librte_cryptodev/rte_crypto_asym.h
@@ -112,17 +112,9 @@ enum rte_crypto_asym_op_type {
enum rte_crypto_rsa_padding_type {
RTE_CRYPTO_RSA_PADDING_NONE = 0,
/**< RSA no padding scheme */
- RTE_CRYPTO_RSA_PKCS1_V1_5_BT0,
- /**< RSA PKCS#1 V1.5 Block Type 0 padding scheme
- * as described in rfc2313
- */
- RTE_CRYPTO_RSA_PKCS1_V1_5_BT1,
- /**< RSA PKCS#1 V1.5 Block Type 01 padding scheme
- * as described in rfc2313
- */
- RTE_CRYPTO_RSA_PKCS1_V1_5_BT2,
- /**< RSA PKCS#1 V1.5 Block Type 02 padding scheme
- * as described in rfc2313
+ RTE_CRYPTO_RSA_PADDING_PKCS1_5,
+ /**< RSA PKCS#1 PKCS1-v1_5 padding scheme. For signatures block type 01,
+ * for encryption block type 02 are used.
*/
RTE_CRYPTO_RSA_PADDING_OAEP,
/**< RSA PKCS#1 OAEP padding scheme */
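Review bot: Replacing the three block-type enumerators with one renumbers RTE_CRYPTO_RSA_PADDING_OAEP from 4 to 2, which changes the value seen by applications built against the old header; that deserves a line in the commit message or release notes. The subject mentions only BT0, while the hunk also drops RTE_CRYPTO_RSA_PKCS1_V1_5_BT1 and RTE_CRYPTO_RSA_PKCS1_V1_5_BT2, so callers still using those names stop compiling at this commit unless the PMD and test updates land in the same patch.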
--
2.1.0
* [dpdk-dev] [PATCH v5 6/7] openssl: remove RSA PKCS1_5 BT0 padding
2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
` (4 preceding siblings ...)
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 5/7] cryptodev: remove RSA PKCS1 BT0 padding Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 7/7] test: remove RSA PKCS1_5 BT0 padding from test cases Arek Kusztal
2019-07-19 4:45 ` [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Shally Verma
7 siblings, 0 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal
This patch removes RSA PKCS1_5 BT0 padding from openssl PMD.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 71ae320..2f55528 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1848,9 +1848,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
switch (pad) {
- case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0:
- case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1:
- case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2:
+ case RTE_CRYPTO_RSA_PADDING_PKCS1_5:
pad = RSA_PKCS1_PADDING;
break;
case RTE_CRYPTO_RSA_PADDING_NONE:
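Review bot: pad is used in this switch both as the selector holding the DPDK enum and as the variable that receives the OpenSSL constant. Now that a single case maps to RSA_PKCS1_PADDING, a separate local for the OpenSSL value would make it harder to pass an untranslated DPDK enum to the RSA_* calls by mistake if a case is missed.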
--
2.1.0
* [dpdk-dev] [PATCH v5 7/7] test: remove RSA PKCS1_5 BT0 padding from test cases
2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
` (5 preceding siblings ...)
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 6/7] openssl: remove RSA PKCS1_5 " Arek Kusztal
@ 2019-07-18 16:09 ` Arek Kusztal
2019-07-19 4:45 ` [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Shally Verma
7 siblings, 0 replies; 14+ messages in thread
From: Arek Kusztal @ 2019-07-18 16:09 UTC (permalink / raw)
To: dev; +Cc: akhil.goyal, fiona.trahe, shallyv, damianx.nowak, Arek Kusztal
This patch removes RSA PKCS1_5 BT0 padding from test cases
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test/test_cryptodev_asym.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 97f3430..95e7d34 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -94,7 +94,7 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess)
asym_op->rsa.message.length = rsaplaintext.len;
asym_op->rsa.sign.length = 0;
asym_op->rsa.sign.data = output_buf;
- asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
+ asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
debug_hexdump(stdout, "message", asym_op->rsa.message.data,
asym_op->rsa.message.length);
@@ -126,7 +126,7 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess)
/* Verify sign */
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
+ asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
/* Process crypto operation */
if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -185,7 +185,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
asym_op->rsa.cipher.data = cipher_buf;
asym_op->rsa.cipher.length = 0;
asym_op->rsa.message.length = rsaplaintext.len;
- asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
+ asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
debug_hexdump(stdout, "message", asym_op->rsa.message.data,
asym_op->rsa.message.length);
@@ -217,7 +217,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess)
asym_op = result_op->asym;
asym_op->rsa.message.length = 0;
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
- asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2;
+ asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
/* Process crypto operation */
if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
--
2.1.0
* Re: [dpdk-dev] [EXT] [PATCH v5 2/7] cryptodev: add cipher field to RSA op
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 2/7] cryptodev: add cipher field to RSA op Arek Kusztal
@ 2019-07-19 4:42 ` Shally Verma
2019-07-19 5:10 ` Kusztal, ArkadiuszX
0 siblings, 1 reply; 14+ messages in thread
From: Shally Verma @ 2019-07-19 4:42 UTC (permalink / raw)
To: Arek Kusztal, dev
Cc: akhil.goyal, fiona.trahe, damianx.nowak, Sunila Sahu, Ayuj Verma,
Kanaka Durga Kotamarthy
> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, July 18, 2019 9:40 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; damianx.nowak@intel.com; Arek Kusztal
> <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v5 2/7] cryptodev: add cipher field to RSA op
>
> External Email
>
> ----------------------------------------------------------------------
> Asymmetric nature of RSA algorithm suggests using an additional field for
> output. In place operations still can be done by setting cipher and message
> pointers with the same memory address.
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
> lib/librte_cryptodev/rte_crypto_asym.h | 43
> ++++++++++++++++++++++++++++------
> 1 file changed, 36 insertions(+), 7 deletions(-)
>
> diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> b/lib/librte_cryptodev/rte_crypto_asym.h
> index 02ec304..1d4ec80 100644
> --- a/lib/librte_cryptodev/rte_crypto_asym.h
> +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> @@ -395,21 +395,50 @@ struct rte_crypto_rsa_op_param {
>
> rte_crypto_param message;
> /**<
> - * Pointer to data
> + * Pointer to input data
> * - to be encrypted for RSA public encrypt.
> - * - to be decrypted for RSA private decrypt.
> * - to be signed for RSA sign generation.
> * - to be authenticated for RSA sign verification.
> + *
> + * Pointer to output data
> + * - for RSA private decrypt.
> + * In this case the underlying array should have been
> + * allocated with enough memory to hold plaintext output
> + * (i.e. must be at least RSA key size). The message.length
> + * field should be 0 and will be overwritten by the PMD
> + * with the decrypted length.
> + *
> + * All data is in Octet-string network byte order format.
> + */
As per Fiona's feedback in another email, for the PMD it does not matter what the output buffer length is set to. All that matters is that it should be allocated large enough as per the description in the spec.
Given that, there is no need to mention specifically that length should be set to 0. App can leave it to anything as PMD doesn't care. It does not and should not check for any valid params here.
Ditto is my feedback on the cipher.length description below. There is no need to mention that it should be set to 0 specifically.
If we agree, this change can be taken as part of next patch set. Current one can still go on.
Thanks
Shally
> +
> + rte_crypto_param cipher;
> + /**<
> + * Pointer to input data
> + * - to be decrypted for RSA private decrypt.
> + *
> + * Pointer to output data
> + * - for RSA public encrypt.
> + * In this case the underlying array should have been allocated
> + * with enough memory to hold ciphertext output (i.e. must be
> + * at least RSA key size). The cipher.length field should
> + * be 0 and will be overwritten by the PMD with the encrypted
> length.
> + *
> + * All data is in Octet-string network byte order format.
> */
>
> rte_crypto_param sign;
> /**<
> - * Pointer to RSA signature data. If operation is RSA
> - * sign @ref RTE_CRYPTO_ASYM_OP_SIGN, buffer will be
> - * over-written with generated signature.
> + * Pointer to input data
> + * - to be verified for RSA public decrypt.
> + *
> + * Pointer to output data
> + * - for RSA private encrypt.
> + * In this case the underlying array should have been allocated
> + * with enough memory to hold signature output (i.e. must be
> + * at least RSA key size). The sign.length field should
> + * be 0 and will be overwritten by the PMD with the signature length.
> *
> - * Length of the signature data will be equal to the
> - * RSA modulus length.
> + * All data is in Octet-string network byte order format.
> */
>
> enum rte_crypto_rsa_padding_type pad;
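Review bot: The sign comment names the operations "RSA public decrypt" and "RSA private encrypt", while the message comment in the same hunk calls them "RSA sign generation" and "RSA sign verification". Using the sign/verify wording in both places would keep the field descriptions consistent with each other and with the RTE_CRYPTO_ASYM_OP_SIGN name in the removed text.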
> --
> 2.1.0
* Re: [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto
2019-07-18 16:09 [dpdk-dev] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Arek Kusztal
` (6 preceding siblings ...)
2019-07-18 16:09 ` [dpdk-dev] [PATCH v5 7/7] test: remove RSA PKCS1_5 BT0 padding from test cases Arek Kusztal
@ 2019-07-19 4:45 ` Shally Verma
2019-07-19 12:51 ` Akhil Goyal
7 siblings, 1 reply; 14+ messages in thread
From: Shally Verma @ 2019-07-19 4:45 UTC (permalink / raw)
To: Arek Kusztal, dev
Cc: akhil.goyal, fiona.trahe, damianx.nowak, Ayuj Verma,
Kanaka Durga Kotamarthy, Sunila Sahu
> -----Original Message-----
> From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Sent: Thursday, July 18, 2019 9:40 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; Shally Verma
> <shallyv@marvell.com>; damianx.nowak@intel.com; Arek Kusztal
> <arkadiuszx.kusztal@intel.com>
> Subject: [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric
> crypto
>
> External Email
>
> ----------------------------------------------------------------------
> Removed patches that were not acked by Shally.
> So open things:
> 1. Creating padding struct.
> 2. Padding parameters (seedlen, optional label etc).
> 3. Leading zeroes questions.
> 4. Random number requirements.
> 5. Capabilities.
> 6. Verify signature field when none padding.
> 7. Padding none.
> 8. Signature input format.
>
> Arek Kusztal (7):
> cryptodev: change RSA API comments about primes
> cryptodev: add cipher field to RSA op
> crypto/openssl: add cipher field to openssl RSA implementation
> test: add cipher field to RSA test
> cryptodev: remove RSA PKCS1 BT0 padding
> openssl: remove RSA PKCS1_5 BT0 padding
> test: remove RSA PKCS1_5 BT0 padding from test cases
>
> app/test/test_cryptodev_asym.c | 13 ++++---
> drivers/crypto/openssl/rte_openssl_pmd.c | 12 +++----
> lib/librte_cryptodev/rte_crypto_asym.h | 61 +++++++++++++++++++++---
> --------
> 3 files changed, 55 insertions(+), 31 deletions(-)
>
> --
> 2.1.0
With minor feedback on description on Patchv5 2/7,
Series-acked-by: Shally Verma <shallyv@marvell.com>
* Re: [dpdk-dev] [EXT] [PATCH v5 2/7] cryptodev: add cipher field to RSA op
2019-07-19 4:42 ` [dpdk-dev] [EXT] " Shally Verma
@ 2019-07-19 5:10 ` Kusztal, ArkadiuszX
0 siblings, 0 replies; 14+ messages in thread
From: Kusztal, ArkadiuszX @ 2019-07-19 5:10 UTC (permalink / raw)
To: Shally Verma, dev
Cc: akhil.goyal, Trahe, Fiona, Nowak, DamianX, Sunila Sahu,
Ayuj Verma, Kanaka Durga Kotamarthy
> > ----------------------------------------------------------------------
> > Asymmetric nature of RSA algorithm suggests using an additional field for
> > output. In place operations still can be done by setting cipher and
> > message pointers with the same memory address.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> > lib/librte_cryptodev/rte_crypto_asym.h | 43
> > ++++++++++++++++++++++++++++------
> > 1 file changed, 36 insertions(+), 7 deletions(-)
> >
> > diff --git a/lib/librte_cryptodev/rte_crypto_asym.h
> > b/lib/librte_cryptodev/rte_crypto_asym.h
> > index 02ec304..1d4ec80 100644
> > --- a/lib/librte_cryptodev/rte_crypto_asym.h
> > +++ b/lib/librte_cryptodev/rte_crypto_asym.h
> > @@ -395,21 +395,50 @@ struct rte_crypto_rsa_op_param {
> >
> > rte_crypto_param message;
> > /**<
> > - * Pointer to data
> > + * Pointer to input data
> > * - to be encrypted for RSA public encrypt.
> > - * - to be decrypted for RSA private decrypt.
> > * - to be signed for RSA sign generation.
> > * - to be authenticated for RSA sign verification.
> > + *
> > + * Pointer to output data
> > + * - for RSA private decrypt.
> > + * In this case the underlying array should have been
> > + * allocated with enough memory to hold plaintext output
> > + * (i.e. must be at least RSA key size). The message.length
> > + * field should be 0 and will be overwritten by the PMD
> > + * with the decrypted length.
> > + *
> > + * All data is in Octet-string network byte order format.
> > + */
> As per Fiona's feedback in another email, for the PMD it does not matter what
> the output buffer length is set to. All that matters is that it should be allocated large
> enough as per the description in the spec.
> Given that, there is no need to mention specifically that length should be set
> to 0. App can leave it to anything as PMD doesn't care. It does not and should
> not check for any valid params here.
> Ditto is my feedback on the cipher.length description below. There is no need to
> mention that it should be set to 0 specifically.
>
> If we agree, this change can be taken as part of next patch set. Current one
> can still go on.
I agree with Shally that it could be anything to work, but on the other hand I agree with Pablo and Fiona's comment on future extensions and ABI breakage, especially at such an early level of API development. When we change this field in future so that it can be random (which is possible) it will not break anything, but it would not work in the opposite direction.
>
> Thanks
> Shally
>
>
>
> > +
> > + rte_crypto_param cipher;
> > + /**<
> > + * Pointer to input data
> > + * - to be decrypted for RSA private decrypt.
> > + *
> > + * Pointer to output data
> > + * - for RSA public encrypt.
> > + * In this case the underlying array should have been allocated
> > + * with enough memory to hold ciphertext output (i.e. must be
> > + * at least RSA key size). The cipher.length field should
> > + * be 0 and will be overwritten by the PMD with the encrypted
> > length.
> > + *
> > + * All data is in Octet-string network byte order format.
> > */
> >
> > rte_crypto_param sign;
> > /**<
> > - * Pointer to RSA signature data. If operation is RSA
> > - * sign @ref RTE_CRYPTO_ASYM_OP_SIGN, buffer will be
> > - * over-written with generated signature.
> > + * Pointer to input data
> > + * - to be verified for RSA public decrypt.
> > + *
> > + * Pointer to output data
> > + * - for RSA private encrypt.
> > + * In this case the underlying array should have been allocated
> > + * with enough memory to hold signature output (i.e. must be
> > + * at least RSA key size). The sign.length field should
> > + * be 0 and will be overwritten by the PMD with the signature length.
> > *
> > - * Length of the signature data will be equal to the
> > - * RSA modulus length.
> > + * All data is in Octet-string network byte order format.
> > */
> >
> > enum rte_crypto_rsa_padding_type pad;
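Review bot: The sign comment drops the sentence "Length of the signature data will be equal to the RSA modulus length" and replaces it with a lower bound on the buffer only. Keeping the exact-length statement would tell callers what sign.length to expect and would let a PMD reject a signature of any other length on verify.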
> > --
> > 2.1.0
* Re: [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto
2019-07-19 4:45 ` [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto Shally Verma
@ 2019-07-19 12:51 ` Akhil Goyal
2019-07-19 16:23 ` Thomas Monjalon
0 siblings, 1 reply; 14+ messages in thread
From: Akhil Goyal @ 2019-07-19 12:51 UTC (permalink / raw)
To: Shally Verma, Arek Kusztal, dev
Cc: fiona.trahe, damianx.nowak, Ayuj Verma, Kanaka Durga Kotamarthy,
Sunila Sahu
> > ----------------------------------------------------------------------
> > Removed patches that were not acked by Shally.
> > So open things:
> > 1. Creating padding struct.
> > 2. Padding parameters (seedlen, optional label etc).
> > 3. Leading zeroes questions.
> > 4. Random number requirements.
> > 5. Capabilities.
> > 6. Verify signature field when none padding.
> > 7. Padding none.
> > 8. Signature input format.
> >
> > Arek Kusztal (7):
> > cryptodev: change RSA API comments about primes
> > cryptodev: add cipher field to RSA op
> > crypto/openssl: add cipher field to openssl RSA implementation
> > test: add cipher field to RSA test
> > cryptodev: remove RSA PKCS1 BT0 padding
> > openssl: remove RSA PKCS1_5 BT0 padding
> > test: remove RSA PKCS1_5 BT0 padding from test cases
> >
> > app/test/test_cryptodev_asym.c | 13 ++++---
> > drivers/crypto/openssl/rte_openssl_pmd.c | 12 +++----
> > lib/librte_cryptodev/rte_crypto_asym.h | 61 +++++++++++++++++++++---
> > --------
> > 3 files changed, 55 insertions(+), 31 deletions(-)
> >
> > --
> > 2.1.0
> With minor feedback on description on Patchv5 2/7,
> Series-acked-by: Shally Verma <shallyv@marvell.com>
Comment on 2/7 shall be taken in next series for next release as suggested by Shally.
Applied to dpdk-next-crypto
Thanks.
* Re: [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto
2019-07-19 12:51 ` Akhil Goyal
@ 2019-07-19 16:23 ` Thomas Monjalon
2019-07-19 16:55 ` Kusztal, ArkadiuszX
0 siblings, 1 reply; 14+ messages in thread
From: Thomas Monjalon @ 2019-07-19 16:23 UTC (permalink / raw)
To: Arek Kusztal
Cc: dev, Akhil Goyal, Shally Verma, fiona.trahe, damianx.nowak,
Ayuj Verma, Kanaka Durga Kotamarthy, Sunila Sahu
19/07/2019 14:51, Akhil Goyal:
> > > Arek Kusztal (7):
> > > cryptodev: change RSA API comments about primes
> > > cryptodev: add cipher field to RSA op
> > > crypto/openssl: add cipher field to openssl RSA implementation
> > > test: add cipher field to RSA test
> > > cryptodev: remove RSA PKCS1 BT0 padding
> > > openssl: remove RSA PKCS1_5 BT0 padding
> > > test: remove RSA PKCS1_5 BT0 padding from test cases
> > >
> > With minor feedback on description on Patchv5 2/7,
> > Series-acked-by: Shally Verma <shallyv@marvell.com>
>
> Comment on 2/7 shall be taken in next series for next release as suggested by Shally.
>
> Applied to dpdk-next-crypto
A commit in cryptodev is removing a field which is removed in PMDs
in next patches. Guess what? It breaks the compilation in the middle.
Anyway, there is no reason for this split, so I squash the patches.
* Re: [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in asymmetric crypto
2019-07-19 16:23 ` Thomas Monjalon
@ 2019-07-19 16:55 ` Kusztal, ArkadiuszX
0 siblings, 0 replies; 14+ messages in thread
From: Kusztal, ArkadiuszX @ 2019-07-19 16:55 UTC (permalink / raw)
To: Thomas Monjalon
Cc: dev, Akhil Goyal, Shally Verma, Trahe, Fiona, Nowak, DamianX,
Ayuj Verma, Kanaka Durga Kotamarthy, Sunila Sahu
Hi Thomas,
> -----Original Message-----
> From: Thomas Monjalon [mailto:thomas@monjalon.net]
> Sent: Friday, July 19, 2019 6:23 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Cc: dev@dpdk.org; Akhil Goyal <akhil.goyal@nxp.com>; Shally Verma
> <shallyv@marvell.com>; Trahe, Fiona <fiona.trahe@intel.com>; Nowak,
> DamianX <damianx.nowak@intel.com>; Ayuj Verma
> <ayverma@marvell.com>; Kanaka Durga Kotamarthy
> <kkotamarthy@marvell.com>; Sunila Sahu <ssahu@marvell.com>
> Subject: Re: [dpdk-dev] [EXT] [PATCH v5 0/7] Rework API for RSA algorithm in
> asymmetric crypto
>
> 19/07/2019 14:51, Akhil Goyal:
> > > > Arek Kusztal (7):
> > > > cryptodev: change RSA API comments about primes
> > > > cryptodev: add cipher field to RSA op
> > > > crypto/openssl: add cipher field to openssl RSA implementation
> > > > test: add cipher field to RSA test
> > > > cryptodev: remove RSA PKCS1 BT0 padding
> > > > openssl: remove RSA PKCS1_5 BT0 padding
> > > > test: remove RSA PKCS1_5 BT0 padding from test cases
> > > >
> > > With minor feedback on description on Patchv5 2/7,
> > > Series-acked-by: Shally Verma <shallyv@marvell.com>
> >
> > Comment on 2/7 shall be taken in next series for next release as suggested
> by Shally.
> >
> > Applied to dpdk-next-crypto
>
> A commit in cryptodev is removing a field which is removed in PMDs in next
> patches. Guess what? It breaks the compilation in the middle.
> Anyway, there is no reason for this split, so I squash the patches.
[AK] Sorry for that. In future I will squash such commits into one then.