DPDK patches and discussions
 help / color / mirror / Atom feed
From: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>
To: Ramkumar Balu <rbalu@marvell.com>,
	Akhil Goyal <gakhil@marvell.com>,
	Anoob Joseph <anoobj@marvell.com>,
	"Doherty, Declan" <declan.doherty@intel.com>,
	 "Zhang, Roy Fan" <roy.fan.zhang@intel.com>,
	"Ankur Dwivedi" <adwivedi@marvell.com>,
	Tejasree Kondoj <ktejasree@marvell.com>
Cc: "stable@dpdk.org" <stable@dpdk.org>, "dev@dpdk.org" <dev@dpdk.org>
Subject: RE: [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage
Date: Tue, 28 Dec 2021 08:58:34 +0000
Message-ID: <PH0PR11MB50139AF52BF374B0A2BA57829F439@PH0PR11MB5013.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20211129095159.16376-1-rbalu@marvell.com>

Hi Ramkumar,

> -----Original Message-----
> From: Ramkumar Balu <rbalu@marvell.com>
> Sent: Monday, November 29, 2021 10:52 AM
> To: Akhil Goyal <gakhil@marvell.com>; Anoob Joseph <anoobj@marvell.com>;
> Doherty, Declan <declan.doherty@intel.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; Ankur Dwivedi <adwivedi@marvell.com>; Tejasree
> Kondoj <ktejasree@marvell.com>
> Cc: stable@dpdk.org; dev@dpdk.org; Ramkumar <rbalu@marvell.com>
> Subject: [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage
> 
> From: Ramkumar <rbalu@marvell.com>
> 
> The RSA verify operation is performed in two stages: 1. decrypt using public key
> (output: plaintext message) 2. Compare resultant plaintext message with the
> expected plaintext message to verify. (return succ/fail in status field) Some
> applications need the decrypted plaintext (stage 1 result) also to be retunred.
[Arek] - It should only be the case when NO_PADDING selected (that's why QAT returns decrypted data, and only because of that), but I would propose to change it that NO_PADDING signature is not possible -> change it to NO_PADDING Private/Public operations (we cannot verify it in PMD anyway as we do not know padding type).
> For reference, OpenSSL also provides similar API (RSA_public_decrypt).
[Arek] - this function is not only deprecated but incorrect. It should not be used for signatures when padding selected. Normally functions that handle padding will only return verification status only, not data.
> 
> lib cryptodev API failed to specify a field in 'struct rte_crypto_rsa_op_param' to
> return the plaintext result after public key decryption. It created inconsistency
> among crypto PMDs in returning plaintext during RSA verify.
> 
> Inconsistency in RSA verify,
> crypto/octeontx - uses 'sign' field to return plaintext crypto/cnxk - uses 'sign'
> field to return plaintext crypto/openssl - does not return plaintext crypto/qat -
> uses 'cipher' field to return plaintext test/cryptodev_asym - expects PMDs to use
> 'cipher' field
> 
> Thus, this patch series fixes all usages to only use 'cipher' field for above
> described scenario.  The 'sign' and 'message' fields are not chosen as they are
> used for different purpose under same operation.
> 
> rte_crypto_rsa_op_param struct fields to use for
> RTE_CRYPTO_ASYM_OP_VERIFY:
> 1. input: rsa.sign - signature to be decrypted or verified 2. input: rsa.message -
> expected plaintext, used to compare 3. output: rsa.cipher - resultant plaintext
> from decryption
> 
> 
> Ramkumar (5):
>   cryptodev: fix RSA op cipher field description
>   crypto/openssl: fix output of RSA verify op
>   crypto/octeontx: fix output field for RSA verify
>   crypto/octeontx2: fix output field for RSA verify
>   crypto/cnxk: fix output field for RSA verify
> 
>  drivers/crypto/cnxk/cnxk_ae.h                 | 15 +++++++++------
>  drivers/crypto/octeontx/otx_cryptodev_ops.c   | 10 ++++++----
>  drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 16 +++++++++-------
>  drivers/crypto/openssl/rte_openssl_pmd.c      | 16 +++++++++++-----
>  lib/cryptodev/rte_crypto_asym.h               |  7 ++++---
>  5 files changed, 39 insertions(+), 25 deletions(-)
> 
> --
> 2.17.1


      parent reply	other threads:[~2021-12-28  8:58 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-29  9:51 Ramkumar Balu
2021-11-29  9:51 ` [PATCH 1/5] cryptodev: fix RSA op cipher field description Ramkumar Balu
2021-11-29  9:51 ` [PATCH 2/5] crypto/openssl: fix output of RSA verify op Ramkumar Balu
2021-12-28  9:10   ` Kusztal, ArkadiuszX
2022-01-13 10:34     ` Ramkumar Balu
2021-11-29  9:51 ` [PATCH 3/5] crypto/octeontx: fix output field for RSA verify Ramkumar Balu
2021-11-29  9:51 ` [PATCH 4/5] crypto/octeontx2: " Ramkumar Balu
2021-11-29  9:51 ` [PATCH 5/5] crypto/cnxk: " Ramkumar Balu
2021-12-28  8:58 ` Kusztal, ArkadiuszX [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=PH0PR11MB50139AF52BF374B0A2BA57829F439@PH0PR11MB5013.namprd11.prod.outlook.com \
    --to=arkadiuszx.kusztal@intel.com \
    --cc=adwivedi@marvell.com \
    --cc=anoobj@marvell.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=ktejasree@marvell.com \
    --cc=rbalu@marvell.com \
    --cc=roy.fan.zhang@intel.com \
    --cc=stable@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ http://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git