From: "Kusztal, ArkadiuszX"
To: Akhil Goyal, "dev@dpdk.org"
CC: Anoob Joseph, "Zhang, Roy Fan"
Subject: RE: [EXT] [PATCH 30/40] cryptodev: reduce rsa struct to only necessary fields
Date: Tue, 24 May 2022 15:33:52 +0000
References: <20220520055445.40063-1-arkadiuszx.kusztal@intel.com> <20220520055445.40063-31-arkadiuszx.kusztal@intel.com>
List-Id: DPDK patches and discussions

> -----Original Message-----
> From: Akhil Goyal
> Sent: Tuesday, May 24, 2022 2:53 PM
> To: Kusztal, ArkadiuszX; dev@dpdk.org
> Cc: Anoob Joseph; Zhang, Roy Fan
> Subject: RE: [EXT] [PATCH 30/40] cryptodev: reduce rsa struct to only necessary
> fields
>
> > - reduced rsa struct to only necessary fields.
> > RSA operation is generally used with one input and one output.
> > One exception for this is signature verification, when RSA verify
> > called, both message and signature are inputs, but there is no rsa
> > output except for op status.
>
> I am not sure if this is the correct renaming of fields.
>
> You are changing the name of message -> input and Cipher and sign ->
> output/message union. Right?
>
> I believe this would impact the existing applications and would create confusion
> as the message was used for input and now it is in union with output.

[Arek] - Yes, this will impact current apps. And yes, message may be confusing.
But main question, is there consensus for the Input - Output approach in RSA? If not I will drop it from v2.
If so, in case SIGNATURE_VERIFY and PADDING_NONE decrypted signature should be placed in message or cipher with no further PMD involvement.

>
> The logic listed here is looking very complex.
> Please simplify it. Can you try adding comments in the description of struct
> instead of individual fields.
> >
> > Signed-off-by: Arek Kusztal
> > --- > > lib/cryptodev/rte_crypto_asym.h | 87 > > +++++++++++++++++++++++---------------- > > -- > > 1 file changed, 50 insertions(+), 37 deletions(-) > > > > diff --git a/lib/cryptodev/rte_crypto_asym.h > > b/lib/cryptodev/rte_crypto_asym.h index c864b8a115..37dd3b9d86 100644 > > --- a/lib/cryptodev/rte_crypto_asym.h > > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -362,53 +362,66 @@ struct rte_crypto_rsa_op_param { > > enum rte_crypto_asym_op_type op_type; > > /**< Type of RSA operation for transform */ > > > > - rte_crypto_param message; > > + rte_crypto_param input; > > /**< > > - * Pointer to input data > > - * - to be encrypted for RSA public encrypt. > > - * - to be signed for RSA sign generation. > > - * - to be authenticated for RSA sign verification. > > + * When op_type =3D=3D RTE_CRYPTO_ASYM_OP_ENCRYPT: > > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_NONE > > + * input should only be used along with cryptographically > > + * secure padding scheme. > > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_PKCS1_5 > > + * input shall be no longer than public modulus minus 11. > > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_OAEP > > + * input shall be no longer than public modulus - > > + * 2 * len(hash) - 2. > > + * When op_type =3D=3D RTE_CRYPTO_ASYM_OP_SIGN: > > * > > - * Pointer to output data > > - * - for RSA private decrypt. > > - * In this case the underlying array should have been > > - * allocated with enough memory to hold plaintext output > > - * (i.e. must be at least RSA key size). The message.length > > - * field should be 0 and will be overwritten by the PMD > > - * with the decrypted length. > > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_NONE > > + * input should only be used along with cryptographically > > + * secure padding scheme. * > > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_PKCS1_5 or > > + * RTE_CRYPTO_RSA_PADDING_PSS > > + * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain > > + * the message to be signed, if this flag is not set, > > + * input shall contain the digest of the message to be signed.
>
> Does it mean if padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
> RTE_CRYPTO_RSA_PADDING_PSS and if RTE_CRYPTO_RSA_FLAG_PT flag is set

[Arek] - this one will be out, no one probably will come asking for this functionality anyway.

>=20 > > * > > - * All data is in Octet-string network byte order format. > > - */ > > - > > - rte_crypto_param cipher; > > - /**< > > - * Pointer to input data > > - * - to be decrypted for RSA private decrypt. > > + * When op_type =3D=3D RTE_CRYPTO_ASYM_OP_DECRYPT: > > * > > - * Pointer to output data > > - * - for RSA public encrypt. > > - * In this case the underlying array should have been allocated > > - * with enough memory to hold ciphertext output (i.e. must be > > - * at least RSA key size). The cipher.length field should > > - * be 0 and will be overwritten by the PMD with the encrypted length. > > + * Input shall contain previously encrypted RSA message. > > * > > - * All data is in Octet-string network byte order format. > > + * When op_type =3D=3D RTE_CRYPTO_ASYM_OP_VERIFY: > > + * > > + * Input shall contain signature to be verified > > */ > > - > > - rte_crypto_param sign; > > + union { > > + rte_crypto_param output; > > + rte_crypto_param message; > > + }; > > /**< > > - * Pointer to input data > > - * - to be verified for RSA public decrypt. > > + * When op_type =3D=3D RTE_CRYPTO_ASYM_OP_ENCRYPT: > > + * > > + * Output shall contain encrypted data, output.length shall > > + * be set to the length of encrypted data. > > + * > > + * When op_type =3D=3D > > RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN: > > * > > - * Pointer to output data > > - * - for RSA private encrypt. > > - * In this case the underlying array should have been allocated > > - * with enough memory to hold signature output (i.e. must be > > - * at least RSA key size). The sign.length field should > > - * be 0 and will be overwritten by the PMD with the signature length. > > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_NONE > > + * output shall contain decrypted/signed data, but all leading zeros > > + * shall be preserved. Therefore output.length should be > > + * equal to the length of the modulus.. 
> > + * For other types of padding, output should contain > > + * decrypted data, and output.length shall be set to the length > > + * of decrypted data. > > * > > - * All data is in Octet-string network byte order format. > > + * When op_type =3D=3D RTE_CRYPTO_ASYM_OP_VERIFY: > > + * > > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_NONE > > + * output shall contain the public key decrypted signature. > > + * All leading zeroes shall be preserved. > > + * > > + * For other padding types, the message should be set with data for t= he > > + * signature to be compared with. > > */ > > + > > struct rte_crypto_rsa_padding padding; > > /**< RSA padding information */ > > > > -- > > 2.13.6
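
Review bot: The new comment on the output/message union drops the buffer contract that the removed message, cipher and sign comments carried (underlying array allocated with at least RSA key size, length field 0 on entry and overwritten by the PMD). As written, "output.length shall be set to the length of encrypted data" does not say who sets the length or how large the buffer must be, so a PMD has no documented bound to check before it writes; suggest restating the minimum capacity and that the PMD writes output.length. Because message aliases output in the union, the RTE_CRYPTO_ASYM_OP_VERIFY text should also state explicitly that with padding other than RTE_CRYPTO_RSA_PADDING_NONE the member is input only and is not written by the PMD. The limits "public modulus minus 11" and "public modulus - 2 * len(hash) - 2" should name what is being measured (the length of the modulus, with its unit), and the RTE_CRYPTO_RSA_PADDING_NONE entries for ENCRYPT and SIGN give no length requirement for input at all. Minor: stray "*" after "secure padding scheme." and a doubled period after "length of the modulus".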