From: Akhil Goyal <gakhil@marvell.com>
To: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>,
"dev@dpdk.org" <dev@dpdk.org>
Cc: "thomas@monjalon.net" <thomas@monjalon.net>,
"david.marchand@redhat.com" <david.marchand@redhat.com>,
"hemant.agrawal@nxp.com" <hemant.agrawal@nxp.com>,
Anoob Joseph <anoobj@marvell.com>,
"De Lara Guarch, Pablo" <pablo.de.lara.guarch@intel.com>,
"Trahe, Fiona" <fiona.trahe@intel.com>,
"Doherty, Declan" <declan.doherty@intel.com>,
"matan@nvidia.com" <matan@nvidia.com>,
"g.singh@nxp.com" <g.singh@nxp.com>,
"Zhang, Roy Fan" <roy.fan.zhang@intel.com>,
"jianjay.zhou@huawei.com" <jianjay.zhou@huawei.com>,
"asomalap@amd.com" <asomalap@amd.com>,
"ruifeng.wang@arm.com" <ruifeng.wang@arm.com>
Subject: Re: [dpdk-dev] [PATCH 2/4] cryptodev: promote asym APIs to stable
Date: Fri, 3 Sep 2021 15:17:27 +0000 [thread overview]
Message-ID: <CO6PR18MB448415AB51C26791079FC62FD8CF9@CO6PR18MB4484.namprd18.prod.outlook.com> (raw)
In-Reply-To: <PH0PR11MB5013126467BDC43A8264AB5F9FCB9@PH0PR11MB5013.namprd11.prod.outlook.com>
Hi Arek,
Do you think all the asym APIs are not eligible for promoting it to stable APIs?
I haven't seen any changes for quite some time and we cannot have it experimental
Forever.
The APIs which you think are expected to change, we can leave them as experimental
And mark the others as stable.
Can you post a patch for it? I will drop it from my series.
Also, could you review the other patches in the series as well.
Regards,
Akhil
> Hi Akhil,
>
> I am not sure if this API is ready to be stable so I will add few comments here:
>
> RSA:
> rte_crypto_param message;
> ...
> * - to be signed for RSA sign generation.
>
> If this message is plaintext, then in case of:
> 1) PKCS1_1.5 padding:
> Standard defines data to be signed as DER encoded struct of digestAlgorithm
> + digest
> (few exceptions I am aware of were TLS prior to 1.2 or IKE version 1)
> - There is no field to specify that, even if PMD would be correctly
> implemented it still would lack information about hash aglorithm.
> - Currently what openssl pmd for example is doing is RSA_private_encrypt
> which omits this step (https://www.openssl.org/docs/man1.1.1/man3/RSA_private_encrypt.html - mentions this).
> 2) PADDING_NONE:
> I cannot find what user is supposed to do in this case, and I think it may be
> quite common option for hw due to reliance on strong CSPRNG for PSS or
> OAEP.
>
> DSA:
> struct rte_crypto_dsa_op_param {
> ...
> There is no 'k' parameter? I though I have added it, how hw with no CSRNG
> should work with DSA?
>
> For ECDSA private key is in Op, for DSA is in xform. Where this inconsistency
> comes from?
>
> /**< x: Private key of the signer in octet-string network
> * byte order format.
> * Used when app has pre-defined private key.
> * Valid only when xform chain is DSA ONLY.
> * if xform chain is DH private key generate + DSA, then DSA sign
> * compute will use internally generated key.
>
> And this one I cannot understand, there is DH and DSA in one line plus seems
> that private dsa key would be generated and used in the same operation.
> We want to create self-signed certificate here on the fly or something?
>
> RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE,
> /**< DH Private Key generation operation */
>
> This is another interesting part (similar to 'k' in (EC)DSA, PSS, QAEO in RSA),
> there was no any type of hw random number generation concept for
> symmetric crypto (i.e. salt, IV, nonce) and here we have
> standalone Diffie Hellman private key generator.
> And since it is no crypto computation but random number generation,
> maybe there should be another module to handle CSRNG or we could
> register randomness
> source into cryptodev, like callback? Another option would be to predefine
> randomness source per device like (i.e. x86 RDRAND, /dev/random) for user
> to decide.
>
> Additionally there is DH op but there is no ECDH (I know there is ECPM, but
> the same way there is MODEXP which creates another inconsistency).
> Optionally we can extend DH API to work with EC?
> EDDSA, EDDH needs to be implemented soon too.
>
> Regards,
> Arek
next prev parent reply other threads:[~2021-09-03 15:17 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-31 18:13 [dpdk-dev] [PATCH 0/4] cryptodev and security ABI improvements Akhil Goyal
2021-07-31 18:13 ` [dpdk-dev] [PATCH 1/4] cryptodev: remove LIST_END enumerators Akhil Goyal
2021-07-31 18:13 ` [dpdk-dev] [PATCH 2/4] cryptodev: promote asym APIs to stable Akhil Goyal
2021-08-30 15:49 ` Kusztal, ArkadiuszX
2021-09-03 15:17 ` Akhil Goyal [this message]
2021-09-07 11:42 ` Kusztal, ArkadiuszX
2021-09-07 11:45 ` Akhil Goyal
2021-09-08 12:37 ` Kinsella, Ray
2023-02-02 10:49 ` [EXT] " Akhil Goyal
2023-02-02 11:02 ` Hemant Agrawal
2023-02-14 18:05 ` Kusztal, ArkadiuszX
2021-07-31 18:13 ` [dpdk-dev] [PATCH 3/4] security: hide internal API Akhil Goyal
2021-09-15 15:54 ` Ananyev, Konstantin
2021-07-31 18:13 ` [dpdk-dev] [PATCH 4/4] security: add reserved bitfields Akhil Goyal
2021-09-15 15:55 ` Ananyev, Konstantin
2021-09-15 16:43 ` Stephen Hemminger
2021-07-31 18:17 ` [dpdk-dev] [PATCH 0/4] cryptodev and security ABI improvements Akhil Goyal
2021-10-08 20:45 ` [dpdk-dev] [PATCH v2 1/3] cryptodev: remove LIST_END enumerators Akhil Goyal
2021-10-08 20:45 ` [dpdk-dev] [PATCH v2 2/3] security: hide internal API Akhil Goyal
2021-10-12 8:50 ` Kinsella, Ray
2021-10-08 20:45 ` [dpdk-dev] [PATCH v2 3/3] security: add reserved bitfields Akhil Goyal
2021-10-11 8:31 ` Thomas Monjalon
2021-10-11 16:58 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-11 22:15 ` Stephen Hemminger
2021-10-12 8:31 ` Kinsella, Ray
2021-10-12 6:59 ` Thomas Monjalon
2021-10-12 8:53 ` Kinsella, Ray
2021-10-12 8:50 ` [dpdk-dev] " Kinsella, Ray
2021-10-11 10:46 ` [dpdk-dev] [PATCH v2 1/3] cryptodev: remove LIST_END enumerators Zhang, Roy Fan
2021-10-12 9:55 ` Kinsella, Ray
2021-10-12 10:19 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-10-12 10:50 ` Anoob Joseph
2021-10-12 11:28 ` Kinsella, Ray
2021-10-12 11:34 ` Anoob Joseph
2021-10-12 11:52 ` Thomas Monjalon
2021-10-12 13:38 ` Anoob Joseph
2021-10-12 13:54 ` Thomas Monjalon
2021-10-12 14:18 ` Anoob Joseph
2021-10-12 14:47 ` Kinsella, Ray
2021-10-12 15:06 ` Thomas Monjalon
2021-10-13 5:36 ` Anoob Joseph
2021-10-13 7:02 ` Thomas Monjalon
2021-10-13 7:04 ` Anoob Joseph
2021-10-13 8:39 ` Kinsella, Ray
2021-10-18 5:22 ` [dpdk-dev] [PATCH v3 1/2] security: hide internal API Akhil Goyal
2021-10-18 5:22 ` [dpdk-dev] [PATCH v3 2/2] security: add reserved bitfields Akhil Goyal
2021-10-18 15:39 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CO6PR18MB448415AB51C26791079FC62FD8CF9@CO6PR18MB4484.namprd18.prod.outlook.com \
--to=gakhil@marvell.com \
--cc=anoobj@marvell.com \
--cc=arkadiuszx.kusztal@intel.com \
--cc=asomalap@amd.com \
--cc=david.marchand@redhat.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=fiona.trahe@intel.com \
--cc=g.singh@nxp.com \
--cc=hemant.agrawal@nxp.com \
--cc=jianjay.zhou@huawei.com \
--cc=matan@nvidia.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=roy.fan.zhang@intel.com \
--cc=ruifeng.wang@arm.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).