From: Ramkumar Balu <rbalu@marvell.com> To: Akhil Goyal <gakhil@marvell.com>, Anoob Joseph <anoobj@marvell.com>, Declan Doherty <declan.doherty@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>, Ankur Dwivedi <adwivedi@marvell.com>, "Tejasree Kondoj" <ktejasree@marvell.com> Cc: <stable@dpdk.org>, <dev@dpdk.org>, Ramkumar <rbalu@marvell.com> Subject: [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage Date: Mon, 29 Nov 2021 09:51:54 +0000 Message-ID: <20211129095159.16376-1-rbalu@marvell.com> (raw) From: Ramkumar <rbalu@marvell.com> The RSA verify operation is performed in two stages: 1. decrypt using public key (output: plaintext message) 2. Compare resultant plaintext message with the expected plaintext message to verify. (return succ/fail in status field) Some applications need the decrypted plaintext (stage 1 result) also to be retunred. For reference, OpenSSL also provides similar API (RSA_public_decrypt). lib cryptodev API failed to specify a field in 'struct rte_crypto_rsa_op_param' to return the plaintext result after public key decryption. It created inconsistency among crypto PMDs in returning plaintext during RSA verify. Inconsistency in RSA verify, crypto/octeontx - uses 'sign' field to return plaintext crypto/cnxk - uses 'sign' field to return plaintext crypto/openssl - does not return plaintext crypto/qat - uses 'cipher' field to return plaintext test/cryptodev_asym - expects PMDs to use 'cipher' field Thus, this patch series fixes all usages to only use 'cipher' field for above described scenario. The 'sign' and 'message' fields are not chosen as they are used for different purpose under same operation. rte_crypto_rsa_op_param struct fields to use for RTE_CRYPTO_ASYM_OP_VERIFY: 1. input: rsa.sign - signature to be decrypted or verified 2. input: rsa.message - expected plaintext, used to compare 3. output: rsa.cipher - resultant plaintext from decryption Ramkumar (5): cryptodev: fix RSA op cipher field description crypto/openssl: fix output of RSA verify op crypto/octeontx: fix output field for RSA verify crypto/octeontx2: fix output field for RSA verify crypto/cnxk: fix output field for RSA verify drivers/crypto/cnxk/cnxk_ae.h | 15 +++++++++------ drivers/crypto/octeontx/otx_cryptodev_ops.c | 10 ++++++---- drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 16 +++++++++------- drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++----- lib/cryptodev/rte_crypto_asym.h | 7 ++++--- 5 files changed, 39 insertions(+), 25 deletions(-) -- 2.17.1
next reply other threads:[~2021-11-29 10:41 UTC|newest] Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-11-29 9:51 Ramkumar Balu [this message] 2021-11-29 9:51 ` [PATCH 1/5] cryptodev: fix RSA op cipher field description Ramkumar Balu 2021-11-29 9:51 ` [PATCH 2/5] crypto/openssl: fix output of RSA verify op Ramkumar Balu 2021-12-28 9:10 ` Kusztal, ArkadiuszX 2022-01-13 10:34 ` Ramkumar Balu 2021-11-29 9:51 ` [PATCH 3/5] crypto/octeontx: fix output field for RSA verify Ramkumar Balu 2021-11-29 9:51 ` [PATCH 4/5] crypto/octeontx2: " Ramkumar Balu 2021-11-29 9:51 ` [PATCH 5/5] crypto/cnxk: " Ramkumar Balu 2021-12-28 8:58 ` [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage Kusztal, ArkadiuszX
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20211129095159.16376-1-rbalu@marvell.com \ --to=rbalu@marvell.com \ --cc=adwivedi@marvell.com \ --cc=anoobj@marvell.com \ --cc=declan.doherty@intel.com \ --cc=dev@dpdk.org \ --cc=gakhil@marvell.com \ --cc=ktejasree@marvell.com \ --cc=roy.fan.zhang@intel.com \ --cc=stable@dpdk.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
DPDK patches and discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \ dev@dpdk.org public-inbox-index dev Example config snippet for mirrors. Newsgroup available over NNTP: nntp://inbox.dpdk.org/inbox.dpdk.dev AGPL code for this site: git clone https://public-inbox.org/public-inbox.git