From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4A846A0547; Mon, 30 Aug 2021 17:49:12 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 09867410E8; Mon, 30 Aug 2021 17:49:12 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mails.dpdk.org (Postfix) with ESMTP id 39302410D8 for ; Mon, 30 Aug 2021 17:49:10 +0200 (CEST) X-IronPort-AV: E=McAfee;i="6200,9189,10092"; a="282013979" X-IronPort-AV: E=Sophos;i="5.84,363,1620716400"; d="scan'208";a="282013979" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Aug 2021 08:49:09 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.84,363,1620716400"; d="scan'208";a="687330159" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by fmsmga006.fm.intel.com with ESMTP; 30 Aug 2021 08:49:08 -0700 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.10; Mon, 30 Aug 2021 08:49:08 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.10; Mon, 30 Aug 2021 08:49:07 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.10 via Frontend Transport; Mon, 30 Aug 2021 08:49:07 -0700 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.171) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.10; Mon, 30 Aug 2021 08:49:07 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hDUZ8SJ8Gk0xC2/ULYlYj9zcnBYTICpJyTAZ64aeGECR6ZOV6dnevvjB4zYy3CMsAqNk+4LaYpSQojmQBBzoI1c1vNiP1APFJcaZABDr09lbc79Oq21P8IedhssvigI4P10fuOvjh+AuSUa1UlAVVXcDJfqXHeAgiwQhk33Ovuu6wZ4+xZgcgNfUc91MEVN2fqHQIBEJY4m0sohe/7MpL646yyVy5RyHQxLJDMVNV7gWHo11h8U+Epeewh/BqKOUduz5hopUlu9QwHQB4DAQZ6dEybv5rWEarjQUUwqeGldOOwLN1KN+G2xieyqPmKdnvpLUfAjwnCoJ3pyV89gApQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tK+kTgZ7fU82p5LGkXuwBXs8EUXItJlWEVnYyp6tDug=; b=gdONo2b+ezAPAm00QwE4MZ9h7J1Sfh1ii+bRjE4hNUKRuQxvF3M14zow9shffeoRr117fYPYB/pMmP9OKPkip+YBDM2UOaJG9Uj16GDcJzV74L4fbmrNbU9WiWe7TM/mhOQLA78KCqnk7QwcZ+sHiijuKkPYZynjlOq+EieBmGwJLv5cVh6hjamb3VEVkZMSf5fRyafKF+Y2zismNIdfY2CUmRIrNbaHalTManzQ+TwA5Z9NuaDf14yKsar7PN9tUGfTZEa5Pa3ZpLjeHMgz12kE+yBPW118KMmvC4t8WzLiRrGkb5enc1HzqSBT2cV2ygdGQSkc+Ad8CX9nO9XFjA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tK+kTgZ7fU82p5LGkXuwBXs8EUXItJlWEVnYyp6tDug=; b=IzWhHhEnLyJZHA0rLEbVHtyZixY7hEoqOzYlJY9NQ6NGTfBkIXXmPO2v2mOdZPb7KB/7N2VqXXcGXFHIk7ZFKq9Trtgy7h4emHd5F/zI5mzy2UbSCYgFajhiLgZtA3wHZPdkDXZ8ckENO+YHyUAVTsAYtR9R+3EUiOCdPXB6Vyg= Received: from PH0PR11MB5013.namprd11.prod.outlook.com (2603:10b6:510:30::21) by PH0PR11MB5191.namprd11.prod.outlook.com (2603:10b6:510:3e::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4457.20; Mon, 30 Aug 2021 15:49:06 +0000 Received: from PH0PR11MB5013.namprd11.prod.outlook.com ([fe80::8d5f:18da:7d0f:d274]) by PH0PR11MB5013.namprd11.prod.outlook.com ([fe80::8d5f:18da:7d0f:d274%8]) with mapi id 15.20.4457.024; Mon, 30 Aug 2021 15:49:06 +0000 From: "Kusztal, ArkadiuszX" To: Akhil Goyal , "dev@dpdk.org" CC: "thomas@monjalon.net" , "david.marchand@redhat.com" , "hemant.agrawal@nxp.com" , "anoobj@marvell.com" , "De Lara Guarch, Pablo" , "Trahe, Fiona" , "Doherty, Declan" , "matan@nvidia.com" , "g.singh@nxp.com" , "Zhang, Roy Fan" , "jianjay.zhou@huawei.com" , "asomalap@amd.com" , "ruifeng.wang@arm.com" Thread-Topic: [dpdk-dev] [PATCH 2/4] cryptodev: promote asym APIs to stable Thread-Index: AQHXhjfz7920p1fab0SEpL/smLnv86uMXyxg Date: Mon, 30 Aug 2021 15:49:06 +0000 Message-ID: References: <20210731181327.660296-1-gakhil@marvell.com> <20210731181327.660296-3-gakhil@marvell.com> In-Reply-To: <20210731181327.660296-3-gakhil@marvell.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.5.1.3 dlp-product: dlpe-windows authentication-results: marvell.com; dkim=none (message not signed) header.d=none;marvell.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: e341f0bd-51b9-417f-1181-08d96bcdb32c x-ms-traffictypediagnostic: PH0PR11MB5191: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 9NCd8gaEqGo2eEq5bW2iG2ELGmzcJsZ+W72sNel8q+eSeifhaE3Slajr5mgpYipSk6oT2W9EGJTuZ/6Rwa4O54SyaeIPQLGPup0wf3Trh2NhYaKkMk/Nu3zyAyNSIWfeixCWkumIio3Hmm9XI08STZz9nhirxxkLHxMl2OTFIdlZ0hqQpzPBOUeij8bru/AVgeYBudEz5fIUeSigwDjiV5lgoC1fYKySzAXPfh6/qSJnGYghK8OCP8eLa0CtJYgA3+5J8G1j1OrOsaoidfLC9uATtTjsVTL1KTyNuHcu1OiG0mOFjImEx4e8Bvo/MjQx64ucOg8zHKJm4dgT/um/JqqYq8Y5GpNW3fyGe1ZJQeIDvwWwnHcKg0pb+qdkw9EBZ/s6qXhYl3wgYg/l0CpN1c3iKIsP99GMjukGKDF9WofhgimWUsNL5mZYD4C2T+Jc4Xmbi9EY5eesOPQOtTaqzNFr1RJLfvQ7Nyk2cSWkdQBnxWpa8O4QLt6Q7VKTial4PbCIp/1qGZIlSVdivCpTC9THG2tWshLaypiBgXhgEujjV8LyPZfaKLnbzgqVrQiv7tV0blYClojy5jiecMV/cy/DIzGCED5fashgxPv+2+sBAurNScbHxsDZI4X47R47Mth+Jh2fJdCTU8hTLxSM2dpRAyVJYubqV34LLJsNBOvTMHVydvlaLhtFijSnG2P8balLo/ZLHKrgYLcXqhYKB45x0G5Vw8wkEQelAz7lQS8yKi8bdRtXyIiyd/6mQN5xtTeL4tVUjknNq/DfHXkOscRSIYei8HQWAW4ife2ywhA= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB5013.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(396003)(366004)(39860400002)(136003)(376002)(33656002)(7696005)(38070700005)(110136005)(2906002)(186003)(5660300002)(54906003)(9686003)(26005)(53546011)(7416002)(8676002)(86362001)(4326008)(6506007)(122000001)(66446008)(64756008)(66476007)(38100700002)(66556008)(55016002)(52536014)(478600001)(76116006)(8936002)(66946007)(83380400001)(316002)(71200400001); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?M6XNGgO1aEZSOt7HDZDJ8O0+wkKWeaxMhgMhtWGwoaZ22E7b0cmC8TKV48at?= =?us-ascii?Q?tD+6SBW2RPqv09YNFG9unbmWJSa1a8rmureTqi2699BZBIGop/yAxp0bCDgj?= =?us-ascii?Q?UAtMwBrtUhxfOJFQaGzOv1tbNiE/VXrcT/1taUGNU6akPCvqnOd8N73Pzs4J?= =?us-ascii?Q?wegKKPfst/yhz2GAe+qyXwYwjhNZPpQnsNpk4EB24WiEl4O0dqIDQKPlR64g?= =?us-ascii?Q?NrHSAh3roTUb2e5qyZbJPwWibJKVXb8IMVoSDxyNpf4ggvbDOBrSht95rxtK?= =?us-ascii?Q?4SvyyDfPCWtWGfheS0dxqgTDHbYwS/S8ytHs0N4qIiJL2NBZa85sPm7gx2jJ?= =?us-ascii?Q?BLTTzuyw+ddcusQyu0NzzKeFV+GFtco+mmPpv2yqfGHhq08j9xDbk39Pio+d?= =?us-ascii?Q?YLRQOtsuvZ/Uuo+YBMe7mBaxs4SuzfIGhHde1nySBmek16c5gsKuZcoewWhx?= =?us-ascii?Q?Iv1B+CyvMHVOiy7X2C4JG+5CthUslfN2lAGnWm5CzmcBc7r4rZ/d4y3ryuxW?= =?us-ascii?Q?BmqNPjH3ED2fGsZVP0jnvWoTbT54ICouKTLfdCpUsffszraEIsqCoYmlD60W?= =?us-ascii?Q?bi1e3WBRiYHLJdc0Dz13Uw1g2TuWXazcM8bkau3XjDV8lA8odXVcymfNqn9v?= =?us-ascii?Q?24CeL0QVeLGnxrpn5aFzqqzom6P501k6wqdjCKSkdffvltQ48OC1HSewn2Mi?= =?us-ascii?Q?tASC4WcJZqb+vt9l9jVDUYxU1UcSC2thva8KPksh07n/dvh5KNXhCdp8BVT5?= =?us-ascii?Q?1IIJSUTidoFX9+uCz7xxqaPq7ggSwi7gGIE803qAwY3VgkW5lwUtkSohq4ep?= =?us-ascii?Q?6WqXzsc6hUOiCO6SlDpS+6sEK05MGyO8WfMncwX5hJz7lllCl6A9hBpd8nFI?= =?us-ascii?Q?QfYuM5nCtJeWXDqWXb1qjfgxUk1Pk48WNWm0tol6ABlrsZi5m2eFXB9zXA0b?= =?us-ascii?Q?JIayV5cR2s2+WQMHliJlZSZtILKJDw27jY84EZjg8N0T907mPZVSWbHbqvTG?= =?us-ascii?Q?9bRMnwZ5WnWVA1I/Kxqmygzosf3fRSrObUcTC5YsOziCTyLYM2TQIOpvuaM9?= =?us-ascii?Q?DzhHHQNb/0HdyzZqbfiZ0xKSLblA6d58gAMcU4GsEvYlPSESf5qoI+r+z+Aj?= =?us-ascii?Q?RqBTRJMU9/encYGP1o2y/Zy4X14/XV4Y4h8dDWZCk85rv3W/DHiViK6t2G6I?= =?us-ascii?Q?fLox5ZIAVSAW/gAIbzAJ5NHXXPAtc+5warvJeHWnvKlmde7C/Aa5LgcdOXCV?= =?us-ascii?Q?v30k3JziOg3BkjNeEevlVNNHQ9Tgi2kod9dSTjF8v5a73VhKRG8hSfX66aMf?= =?us-ascii?Q?tqBwF6L+FQEH1sFjVe4CML50?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5013.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: e341f0bd-51b9-417f-1181-08d96bcdb32c X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Aug 2021 15:49:06.6779 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: cyV7v/bfGuRjDexMixzSJ6EusuGo9p5LQ2FVlhFKrM0p1BCZZcVTZHe7oS5UjBB2iPJw+icTNF0vR92s+kVdTUGFB2Pfi5zszqYNovX60D0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5191 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH 2/4] cryptodev: promote asym APIs to stable X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > -----Original Message----- > From: dev On Behalf Of Akhil Goyal > Sent: Saturday, July 31, 2021 8:13 PM > To: dev@dpdk.org > Cc: thomas@monjalon.net; david.marchand@redhat.com; > hemant.agrawal@nxp.com; anoobj@marvell.com; De Lara Guarch, Pablo > ; Trahe, Fiona ; > Doherty, Declan ; matan@nvidia.com; > g.singh@nxp.com; Zhang, Roy Fan ; > jianjay.zhou@huawei.com; asomalap@amd.com; ruifeng.wang@arm.com; > Akhil Goyal > Subject: [dpdk-dev] [PATCH 2/4] cryptodev: promote asym APIs to stable >=20 Hi Akhil, I am not sure if this API is ready to be stable so I will add few comments = here: RSA: rte_crypto_param message; ... * - to be signed for RSA sign generation. If this message is plaintext, then in case of: 1) PKCS1_1.5 padding: Standard defines data to be signed as DER encoded struct of digestAlgorithm= + digest (few exceptions I am aware of were TLS prior to 1.2 or IKE version 1) - There is no field to specify that, even if PMD would be correctly impleme= nted it still would lack information about hash aglorithm. - Currently what openssl pmd for example is doing is RSA_private_encrypt wh= ich omits this step (https://www.openssl.org/docs/man1.1.1/man3/RSA_private= _encrypt.html - mentions this). 2) PADDING_NONE: I cannot find what user is supposed to do in this case, and I think it may = be quite common option for hw due to reliance on strong CSPRNG for PSS or O= AEP. DSA: struct rte_crypto_dsa_op_param { ... There is no 'k' parameter? I though I have added it, how hw with no CSRNG s= hould work with DSA? For ECDSA private key is in Op, for DSA is in xform. Where this inconsisten= cy comes from? /**< x: Private key of the signer in octet-string network * byte order format. * Used when app has pre-defined private key. * Valid only when xform chain is DSA ONLY. * if xform chain is DH private key generate + DSA, then DSA sign * compute will use internally generated key. And this one I cannot understand, there is DH and DSA in one line plus seem= s that private dsa key would be generated and used in the same operation. We want to create self-signed certificate here on the fly or something? RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE, /**< DH Private Key generation operation */ This is another interesting part (similar to 'k' in (EC)DSA, PSS, QAEO in R= SA), there was no any type of hw random number generation concept for symme= tric crypto (i.e. salt, IV, nonce) and here we have standalone Diffie Hellman private key generator. And since it is no crypto computation but random number generation, maybe t= here should be another module to handle CSRNG or we could register randomne= ss source into cryptodev, like callback? Another option would be to predefine = randomness source per device like (i.e. x86 RDRAND, /dev/random) for user t= o decide. Additionally there is DH op but there is no ECDH (I know there is ECPM, but= the same way there is MODEXP which creates another inconsistency). Optiona= lly we can extend DH API to work with EC? EDDSA, EDDH needs to be implemented soon too. Regards, Arek