DPDK patches and discussions
 help / color / mirror / Atom feed
From: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>
To: Shally Verma <shallyv@marvell.com>,
	Anoob Joseph <anoobj@marvell.com>,
	Akhil Goyal <akhil.goyal@nxp.com>,
	"Doherty, Declan" <declan.doherty@intel.com>,
	"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>
Cc: Ayuj Verma <ayverma@marvell.com>,
	"Trahe, Fiona" <fiona.trahe@intel.com>,
	 Jerin Jacob Kollanukkaran <jerinj@marvell.com>,
	Narayana Prasad Raju Athreya <pathreya@marvell.com>,
	Ankur Dwivedi <adwivedi@marvell.com>,
	Sunila Sahu <ssahu@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH 1/4] lib/crypto: add support for ECDSA
Date: Tue, 14 Jan 2020 11:01:54 +0000	[thread overview]
Message-ID: <BYAPR11MB38310B33F4BD6B1DEE3199F09F340@BYAPR11MB3831.namprd11.prod.outlook.com> (raw)
In-Reply-To: <BN8PR18MB2867F8671C3A080B091576C9AD340@BN8PR18MB2867.namprd18.prod.outlook.com>

Hi guys,

> >
> > > >
> > > > > > +
> > > > > > +	rte_crypto_param k;
> > > > > > +	/**< The ECDSA per-message secret number, which is an
> > integer
> > > > > > +	 * in the interval (1, n-1)
> > > > > > +	 */
> > > > > [Arek] - If pmd can generate 'k' internally we could do something like:
> > > > > 'if k.data == NULL => PMD will generate 'k' internally, k.data
> > > > > remains untouched.'
> > > >
> > > > [Anoob] So that will be exposed as a new capability, right? Do you
> > > > suggest any changes here to accommodate that?
> > > [Arek] Or maybe feature flag, it would apply to DSA as well.
> >
> > [Anoob] I meant feature flag only! Capability is for net devs etc.
> >
> > > >
> > > > > Another option is to provide user with some callback function to
> > > > > generate CSRN which could be useful for RSA PSS, OAEP as well
> > > > > (we already discussed that internally in Intel, I will elaborate
> > > > > on this bit more in
> > > > different thread).
> > > >
> > > > [Anoob] Do you intend to keep the generated CSRN hidden in the PMD?
> > > [Arek] Openssl PMD does that with DSA but iam not a fan of that. But
> > > if some hw can do DSA/ECDSA by generating 'k' by itself it would
> > > have to be
> > added anyway.
> > > Other option is to add aforementioned callbacks (for HW that not
> > > generate
> > 'k'
> > > by itself)
> >
> > [Anoob] I think we can support either case. Our h/w also can generate
> > CSRN and so are open to ideas. Can you explain the proposed callback
> function?
> > Also, we can defer that discussion to a separate thread, if we have an
> > agreement on the approach here.
> >
> [Shally] Just a thought here. It can also be supported by exposing an API to
> application, like pre-compute / pre-setup which can generate 'k' or 'PRF' for
> other algo usage purpose. If PMD support it, return will be success with
> relevant o/p.. if not, return will be failure. Or no offload at all. In any case,
> generation of prf or 'k' is heavy on data path... app can call these pre-setup
> APIs to save cycles on actual sign op.
[AK] - We can start another thread on that. For now this implementation is good too, we can extend API by PMD CSRN option later.
> 
> Shally
> > > >
> > > > >
> > > > > > +
> > > > > > +	rte_crypto_param r;
> > > > > > +	/**< r component of elliptic curve signature
> > > > > > +	 *     output : for signature generation
> > > > > > +	 *     input  : for signature verification
> > > > > > +	 */
> > > > > > +	rte_crypto_param s;
> > > > > > +	/**< s component of elliptic curve signature
> > > > > > +	 *     output : for signature generation
> > > > > > +	 *     input  : for signature verification
> > > > > > +	 */
> > > > > [Arek] - Do we want to add any constraints like 'this field
> > > > > should be big enough to hold...'
> > > >
> > > > [Anoob] For every case where rte_crypto_param is used for
> > > > 'output', application should make sure the buffers are large
> > > > enough. Do you think we could document it somewhere common
> instead
> > > > of adding per
> > > operation?
> > > [Arek]
> > > Both options look good to me.
> >
> > [Anoob] How about updating the description of 'rte_crypto_param' to
> > reflect the same? I can update it in v2, if you can confirm.
[AK] It is ok to me.
> >
> > > >
> > > > > > +};
> > > > > > +
> > > > > > +/**
> > > > > >   * Asymmetric Cryptographic Operation.
> > > > > >   *
> > > > > >   * Structure describing asymmetric crypto operation params.
> > > > > > @@ -537,6 +619,7 @@ struct rte_crypto_asym_op {
> > > > > >  		struct rte_crypto_mod_op_param modinv;
> > > > > >  		struct rte_crypto_dh_op_param dh;
> > > > > >  		struct rte_crypto_dsa_op_param dsa;
> > > > > > +		struct rte_crypto_ecdsa_op_param ecdsa;
> > > > > >  	};
> > > > > >  };
> > > > > >
> > > > > > diff --git a/lib/librte_cryptodev/rte_cryptodev.c
> > > > > > b/lib/librte_cryptodev/rte_cryptodev.c
> > > > > > index 89aa2ed..0d6babb 100644
> > > > > > --- a/lib/librte_cryptodev/rte_cryptodev.c
> > > > > > +++ b/lib/librte_cryptodev/rte_cryptodev.c
> > > > > > @@ -173,6 +173,7 @@ const char
> > > > > > *rte_crypto_asym_xform_strings[]
> > = {
> > > > > >  	[RTE_CRYPTO_ASYM_XFORM_MODINV]	= "modinv",
> > > > > >  	[RTE_CRYPTO_ASYM_XFORM_DH]	= "dh",
> > > > > >  	[RTE_CRYPTO_ASYM_XFORM_DSA]	= "dsa",
> > > > > > +	[RTE_CRYPTO_ASYM_XFORM_ECDSA]	= "ecdsa",
> > > > > >  };
> > > > > >
> > > > > >  /**
> > > > > > --
> > > > > > 2.7.4
> > > > >
> > > > > Regards,
> > > > > Arek

  reply	other threads:[~2020-01-14 11:05 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-05 11:43 [dpdk-dev] [PATCH 0/4] add ECDSA support Anoob Joseph
2019-12-05 11:43 ` [dpdk-dev] [PATCH 1/4] lib/crypto: add support for ECDSA Anoob Joseph
2019-12-20 16:05   ` Kusztal, ArkadiuszX
2020-01-02  7:55     ` Anoob Joseph
2020-01-09 13:03       ` Kusztal, ArkadiuszX
2020-01-13 12:47         ` Akhil Goyal
2020-01-13 16:36         ` Anoob Joseph
2020-01-14  5:12           ` Shally Verma
2020-01-14 11:01             ` Kusztal, ArkadiuszX [this message]
2019-12-05 11:43 ` [dpdk-dev] [PATCH 2/4] crypto/octeontx: add ECDSA support Anoob Joseph
2019-12-05 11:43 ` [dpdk-dev] [PATCH 3/4] crypto/octeontx2: " Anoob Joseph
2019-12-05 11:43 ` [dpdk-dev] [PATCH 4/4] app/test: add ECDSA sign/verify tests Anoob Joseph
2020-01-15 12:43 ` [dpdk-dev] [PATCH v2 0/4] add ECDSA support Anoob Joseph
2020-01-15 12:43   ` [dpdk-dev] [PATCH v2 1/4] cryptodev: support ECDSA Anoob Joseph
2020-01-15 15:51     ` Akhil Goyal
2020-01-15 12:43   ` [dpdk-dev] [PATCH v2 2/4] crypto/octeontx: add ECDSA support Anoob Joseph
2020-01-15 12:43   ` [dpdk-dev] [PATCH v2 3/4] crypto/octeontx2: " Anoob Joseph
2020-01-15 12:43   ` [dpdk-dev] [PATCH v2 4/4] app/test: add ECDSA sign/verify tests Anoob Joseph
2020-01-15 15:50   ` [dpdk-dev] [PATCH v2 0/4] add ECDSA support Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=BYAPR11MB38310B33F4BD6B1DEE3199F09F340@BYAPR11MB3831.namprd11.prod.outlook.com \
    --to=arkadiuszx.kusztal@intel.com \
    --cc=adwivedi@marvell.com \
    --cc=akhil.goyal@nxp.com \
    --cc=anoobj@marvell.com \
    --cc=ayverma@marvell.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=fiona.trahe@intel.com \
    --cc=jerinj@marvell.com \
    --cc=pablo.de.lara.guarch@intel.com \
    --cc=pathreya@marvell.com \
    --cc=shallyv@marvell.com \
    --cc=ssahu@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).