DPDK patches and discussions
From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
To: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>,
	"dev@dpdk.org" <dev@dpdk.org>, Anoob Joseph <anoobj@marvell.com>,
	"Richardson, Bruce" <bruce.richardson@intel.com>,
	"ciara.power@intel.com" <ciara.power@intel.com>,
	Jerin Jacob <jerinj@marvell.com>,
	"fanzhang.oss@gmail.com" <fanzhang.oss@gmail.com>,
	"Ji, Kai" <kai.ji@intel.com>,
	"jack.bond-preston@foss.arm.com" <jack.bond-preston@foss.arm.com>,
	"Marchand, David" <david.marchand@redhat.com>,
	"hemant.agrawal@nxp.com" <hemant.agrawal@nxp.com>,
	"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>,
	"Trahe, Fiona" <fiona.trahe@intel.com>,
	"Doherty, Declan" <declan.doherty@intel.com>,
	"matan@nvidia.com" <matan@nvidia.com>,
	"ruifeng.wang@arm.com" <ruifeng.wang@arm.com>,
	"Gujjar, Abhinandan S" <abhinandan.gujjar@intel.com>,
	"maxime.coquelin@redhat.com" <maxime.coquelin@redhat.com>,
	"chenbox@nvidia.com" <chenbox@nvidia.com>,
	"sunilprakashrao.uttarwar@amd.com"
	<sunilprakashrao.uttarwar@amd.com>,
	"andrew.boyer@amd.com" <andrew.boyer@amd.com>,
	"ajit.khaparde@broadcom.com" <ajit.khaparde@broadcom.com>,
	"raveendra.padasalagi@broadcom.com"
	<raveendra.padasalagi@broadcom.com>,
	"vikas.gupta@broadcom.com" <vikas.gupta@broadcom.com>,
	"zhangfei.gao@linaro.org" <zhangfei.gao@linaro.org>,
	"g.singh@nxp.com" <g.singh@nxp.com>,
	"jianjay.zhou@huawei.com" <jianjay.zhou@huawei.com>,
	"Daly, Lee" <lee.daly@intel.com>
Subject: RE: [PATCH] doc: announce cryptodev changes to offload RSA in VirtIO
Date: Thu, 25 Jul 2024 16:00:11 +0000
Message-ID: <CO1PR18MB471424AEF8EEC943C5202C5ACBAB2@CO1PR18MB4714.namprd18.prod.outlook.com>
In-Reply-To: <PH0PR11MB501347E8A265AEBBADE097359FAB2@PH0PR11MB5013.namprd11.prod.outlook.com>


Hi ArkadiuszX,


> +

> +* cryptodev: The struct rte_crypto_rsa_padding will be moved from

> +  rte_crypto_rsa_op_param struct to rte_crypto_rsa_xform struct,

> +  breaking ABI. The new location is recommended to comply with

> +  virtio-crypto specification. Applications and drivers using

> +  this struct will be updated.

> +
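
Review bot: The closing sentence, "Applications and drivers using this struct will be updated", does not tell an out-of-tree application what it has to change. Since the padding moves from rte_crypto_rsa_op_param to rte_crypto_rsa_xform, the notice should say explicitly that padding will be set with the xform rather than chosen per operation, so an application that uses one key with several padding schemes needs one xform per scheme. That is the key duplication raised in the discussion that follows, and it belongs in the notice as a known consequence of the ABI break.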



The problem here, as I see it, is that there is one private key but multiple combinations of padding.
Therefore, for every padding variation, we need to copy the same private key anew, duplicating it in memory.
The only reason for me to keep a session-like struct in asymmetric crypto was exactly this.





Each padding scheme in RSA has its own pros and cons (in terms of implementations as well).
When we share the same private key for Sign (and its public key in case of Encryption) between
multiple crypto ops (varying by padding schemes among cops), an attack against one vulnerable scheme
could potentially open the door to the private key used in the session and hence take advantage
of other crypto operations.

I think this could be one reason why the VirtIO spec mandates padding info as a session parameter.
Hence, more than duplicating in memory, private and public keys are secured and, in a catastrophe,
only that session could be destroyed.



Please share your thoughts.



> +* cryptodev: The rte_crypto_rsa_xform struct member to hold private key

> +  in either exponent or quintuple format is changed from union to

> +struct

> +  data type. This change is to support ASN.1 syntax (RFC 3447 Appendix A.1.2).

> +  This change will not break existing applications.
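
Review bot: "This change will not break existing applications" in the last line is too broad for a union-to-struct change: the exponent and quintuple forms stop sharing storage, so the size and member layout of rte_crypto_rsa_xform change, and the notice should say whether the claim covers source compatibility only. The ASN.1 reference should also cite RFC 8017 rather than RFC 3447, which it obsoletes, as the reply points out.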

This one I agree with. RFC 8017 obsoletes RFC 3447.



Thanks,

Gowrishankar



> --

> 2.21.0


