DPDK patches and discussions
 help / color / mirror / Atom feed
* [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage
@ 2021-11-29  9:51 Ramkumar Balu
  2021-11-29  9:51 ` [PATCH 1/5] cryptodev: fix RSA op cipher field description Ramkumar Balu
                   ` (5 more replies)
  0 siblings, 6 replies; 9+ messages in thread
From: Ramkumar Balu @ 2021-11-29  9:51 UTC (permalink / raw)
  To: Akhil Goyal, Anoob Joseph, Declan Doherty, Fan Zhang,
	Ankur Dwivedi, Tejasree Kondoj
  Cc: stable, dev, Ramkumar

From: Ramkumar <rbalu@marvell.com>

The RSA verify operation is performed in two stages: 1. decrypt using
public key (output: plaintext message) 2. Compare resultant plaintext
message with the expected plaintext message to verify. (return
succ/fail in status field) Some applications need the decrypted
plaintext (stage 1 result) also to be retunred. For reference, OpenSSL
also provides similar API (RSA_public_decrypt).

lib cryptodev API failed to specify a field in 'struct
rte_crypto_rsa_op_param' to return the plaintext result after public
key decryption. It created inconsistency among crypto PMDs in returning
plaintext during RSA verify.

Inconsistency in RSA verify,
crypto/octeontx - uses 'sign' field to return plaintext
crypto/cnxk - uses 'sign' field to return plaintext
crypto/openssl - does not return plaintext
crypto/qat - uses 'cipher' field to return plaintext
test/cryptodev_asym - expects PMDs to use 'cipher' field

Thus, this patch series fixes all usages to only use 'cipher' field for
above described scenario.  The 'sign' and 'message' fields are not
chosen as they are used for different purpose under same operation.

rte_crypto_rsa_op_param struct fields to use for
RTE_CRYPTO_ASYM_OP_VERIFY:
1. input: rsa.sign - signature to be decrypted or verified
2. input: rsa.message - expected plaintext, used to compare
3. output: rsa.cipher - resultant plaintext from decryption


Ramkumar (5):
  cryptodev: fix RSA op cipher field description
  crypto/openssl: fix output of RSA verify op
  crypto/octeontx: fix output field for RSA verify
  crypto/octeontx2: fix output field for RSA verify
  crypto/cnxk: fix output field for RSA verify

 drivers/crypto/cnxk/cnxk_ae.h                 | 15 +++++++++------
 drivers/crypto/octeontx/otx_cryptodev_ops.c   | 10 ++++++----
 drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 16 +++++++++-------
 drivers/crypto/openssl/rte_openssl_pmd.c      | 16 +++++++++++-----
 lib/cryptodev/rte_crypto_asym.h               |  7 ++++---
 5 files changed, 39 insertions(+), 25 deletions(-)

-- 
2.17.1


^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2022-01-13 10:34 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-11-29  9:51 [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage Ramkumar Balu
2021-11-29  9:51 ` [PATCH 1/5] cryptodev: fix RSA op cipher field description Ramkumar Balu
2021-11-29  9:51 ` [PATCH 2/5] crypto/openssl: fix output of RSA verify op Ramkumar Balu
2021-12-28  9:10   ` Kusztal, ArkadiuszX
2022-01-13 10:34     ` Ramkumar Balu
2021-11-29  9:51 ` [PATCH 3/5] crypto/octeontx: fix output field for RSA verify Ramkumar Balu
2021-11-29  9:51 ` [PATCH 4/5] crypto/octeontx2: " Ramkumar Balu
2021-11-29  9:51 ` [PATCH 5/5] crypto/cnxk: " Ramkumar Balu
2021-12-28  8:58 ` [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage Kusztal, ArkadiuszX

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git