From: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>
To: Shally Verma <shallyv@marvell.com>,
Anoob Joseph <anoobj@marvell.com>,
Akhil Goyal <akhil.goyal@nxp.com>,
"Doherty, Declan" <declan.doherty@intel.com>,
"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>
Cc: Ayuj Verma <ayverma@marvell.com>,
"Trahe, Fiona" <fiona.trahe@intel.com>,
Jerin Jacob Kollanukkaran <jerinj@marvell.com>,
Narayana Prasad Raju Athreya <pathreya@marvell.com>,
Ankur Dwivedi <adwivedi@marvell.com>,
Sunila Sahu <ssahu@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH 1/4] lib/crypto: add support for ECDSA
Date: Tue, 14 Jan 2020 11:01:54 +0000 [thread overview]
Message-ID: <BYAPR11MB38310B33F4BD6B1DEE3199F09F340@BYAPR11MB3831.namprd11.prod.outlook.com> (raw)
In-Reply-To: <BN8PR18MB2867F8671C3A080B091576C9AD340@BN8PR18MB2867.namprd18.prod.outlook.com>
Hi guys,
> >
> > > >
> > > > > > +
> > > > > > + rte_crypto_param k;
> > > > > > + /**< The ECDSA per-message secret number, which is an
> > integer
> > > > > > + * in the interval (1, n-1)
> > > > > > + */
> > > > > [Arek] - If pmd can generate 'k' internally we could do something like:
> > > > > 'if k.data == NULL => PMD will generate 'k' internally, k.data
> > > > > remains untouched.'
> > > >
> > > > [Anoob] So that will be exposed as a new capability, right? Do you
> > > > suggest any changes here to accommodate that?
> > > [Arek] Or maybe feature flag, it would apply to DSA as well.
> >
> > [Anoob] I meant feature flag only! Capability is for net devs etc.
> >
> > > >
> > > > > Another option is to provide user with some callback function to
> > > > > generate CSRN which could be useful for RSA PSS, OAEP as well
> > > > > (we already discussed that internally in Intel, I will elaborate
> > > > > on this bit more in
> > > > different thread).
> > > >
> > > > [Anoob] Do you intend to keep the generated CSRN hidden in the PMD?
> > > [Arek] Openssl PMD does that with DSA but iam not a fan of that. But
> > > if some hw can do DSA/ECDSA by generating 'k' by itself it would
> > > have to be
> > added anyway.
> > > Other option is to add aforementioned callbacks (for HW that not
> > > generate
> > 'k'
> > > by itself)
> >
> > [Anoob] I think we can support either case. Our h/w also can generate
> > CSRN and so are open to ideas. Can you explain the proposed callback
> function?
> > Also, we can defer that discussion to a separate thread, if we have an
> > agreement on the approach here.
> >
> [Shally] Just a thought here. It can also be supported by exposing an API to
> application, like pre-compute / pre-setup which can generate 'k' or 'PRF' for
> other algo usage purpose. If PMD support it, return will be success with
> relevant o/p.. if not, return will be failure. Or no offload at all. In any case,
> generation of prf or 'k' is heavy on data path... app can call these pre-setup
> APIs to save cycles on actual sign op.
[AK] - We can start another thread on that. For now this implementation is good too, we can extend API by PMD CSRN option later.
>
> Shally
> > > >
> > > > >
> > > > > > +
> > > > > > + rte_crypto_param r;
> > > > > > + /**< r component of elliptic curve signature
> > > > > > + * output : for signature generation
> > > > > > + * input : for signature verification
> > > > > > + */
> > > > > > + rte_crypto_param s;
> > > > > > + /**< s component of elliptic curve signature
> > > > > > + * output : for signature generation
> > > > > > + * input : for signature verification
> > > > > > + */
> > > > > [Arek] - Do we want to add any constraints like 'this field
> > > > > should be big enough to hold...'
> > > >
> > > > [Anoob] For every case where rte_crypto_param is used for
> > > > 'output', application should make sure the buffers are large
> > > > enough. Do you think we could document it somewhere common
> instead
> > > > of adding per
> > > operation?
> > > [Arek]
> > > Both options look good to me.
> >
> > [Anoob] How about updating the description of 'rte_crypto_param' to
> > reflect the same? I can update it in v2, if you can confirm.
[AK] It is ok to me.
> >
> > > >
> > > > > > +};
> > > > > > +
> > > > > > +/**
> > > > > > * Asymmetric Cryptographic Operation.
> > > > > > *
> > > > > > * Structure describing asymmetric crypto operation params.
> > > > > > @@ -537,6 +619,7 @@ struct rte_crypto_asym_op {
> > > > > > struct rte_crypto_mod_op_param modinv;
> > > > > > struct rte_crypto_dh_op_param dh;
> > > > > > struct rte_crypto_dsa_op_param dsa;
> > > > > > + struct rte_crypto_ecdsa_op_param ecdsa;
> > > > > > };
> > > > > > };
> > > > > >
> > > > > > diff --git a/lib/librte_cryptodev/rte_cryptodev.c
> > > > > > b/lib/librte_cryptodev/rte_cryptodev.c
> > > > > > index 89aa2ed..0d6babb 100644
> > > > > > --- a/lib/librte_cryptodev/rte_cryptodev.c
> > > > > > +++ b/lib/librte_cryptodev/rte_cryptodev.c
> > > > > > @@ -173,6 +173,7 @@ const char
> > > > > > *rte_crypto_asym_xform_strings[]
> > = {
> > > > > > [RTE_CRYPTO_ASYM_XFORM_MODINV] = "modinv",
> > > > > > [RTE_CRYPTO_ASYM_XFORM_DH] = "dh",
> > > > > > [RTE_CRYPTO_ASYM_XFORM_DSA] = "dsa",
> > > > > > + [RTE_CRYPTO_ASYM_XFORM_ECDSA] = "ecdsa",
> > > > > > };
> > > > > >
> > > > > > /**
> > > > > > --
> > > > > > 2.7.4
> > > > >
> > > > > Regards,
> > > > > Arek
next prev parent reply other threads:[~2020-01-14 11:05 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-05 11:43 [dpdk-dev] [PATCH 0/4] add ECDSA support Anoob Joseph
2019-12-05 11:43 ` [dpdk-dev] [PATCH 1/4] lib/crypto: add support for ECDSA Anoob Joseph
2019-12-20 16:05 ` Kusztal, ArkadiuszX
2020-01-02 7:55 ` Anoob Joseph
2020-01-09 13:03 ` Kusztal, ArkadiuszX
2020-01-13 12:47 ` Akhil Goyal
2020-01-13 16:36 ` Anoob Joseph
2020-01-14 5:12 ` Shally Verma
2020-01-14 11:01 ` Kusztal, ArkadiuszX [this message]
2019-12-05 11:43 ` [dpdk-dev] [PATCH 2/4] crypto/octeontx: add ECDSA support Anoob Joseph
2019-12-05 11:43 ` [dpdk-dev] [PATCH 3/4] crypto/octeontx2: " Anoob Joseph
2019-12-05 11:43 ` [dpdk-dev] [PATCH 4/4] app/test: add ECDSA sign/verify tests Anoob Joseph
2020-01-15 12:43 ` [dpdk-dev] [PATCH v2 0/4] add ECDSA support Anoob Joseph
2020-01-15 12:43 ` [dpdk-dev] [PATCH v2 1/4] cryptodev: support ECDSA Anoob Joseph
2020-01-15 15:51 ` Akhil Goyal
2020-01-15 12:43 ` [dpdk-dev] [PATCH v2 2/4] crypto/octeontx: add ECDSA support Anoob Joseph
2020-01-15 12:43 ` [dpdk-dev] [PATCH v2 3/4] crypto/octeontx2: " Anoob Joseph
2020-01-15 12:43 ` [dpdk-dev] [PATCH v2 4/4] app/test: add ECDSA sign/verify tests Anoob Joseph
2020-01-15 15:50 ` [dpdk-dev] [PATCH v2 0/4] add ECDSA support Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BYAPR11MB38310B33F4BD6B1DEE3199F09F340@BYAPR11MB3831.namprd11.prod.outlook.com \
--to=arkadiuszx.kusztal@intel.com \
--cc=adwivedi@marvell.com \
--cc=akhil.goyal@nxp.com \
--cc=anoobj@marvell.com \
--cc=ayverma@marvell.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=fiona.trahe@intel.com \
--cc=jerinj@marvell.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=pathreya@marvell.com \
--cc=shallyv@marvell.com \
--cc=ssahu@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).