From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A1FC8A00C4 for ; Mon, 30 May 2022 14:22:41 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 32A2140694; Mon, 30 May 2022 14:22:41 +0200 (CEST) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mails.dpdk.org (Postfix) with ESMTP id 8DD42400D6 for ; Mon, 30 May 2022 14:22:38 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653913358; x=1685449358; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=N7NxWj4Npdfv3cajtLrZfOxEKKiGQCRV+crZIPDR67I=; b=StOJPWE1A3MDpVkZGpfAIENfN7b4DV1RmbGhMuHsIlTGD4IfNN7dLCYX 5i/bZQ3NJXHpIuoVxsyUh8NHRHKWm02biIq1vrFpPNAG/YhNGxhtueC4G D0AmMFfnMpia15p5/ek1eIL1O1i/sjlJXLBmKFAc1rKSI4bOx46FKzwN6 BH0Lsv4GMh2fjwN7IrTU86zyeaq+BdYl8TtYC7CNNFxtOxMQou6Y0V3Td R9/A0wDWIeqVTUK6Nhc9zOHQX3X6hcbgrLRU5v9XVDrv7X6rQtZFV6CWt 7XfJMz8CuR6aDmL3VRLUYNiOfOdLx65cr4gis/KNaP6HD21pXCmjOji7f g==; X-IronPort-AV: E=McAfee;i="6400,9594,10362"; a="257049651" X-IronPort-AV: E=Sophos;i="5.91,262,1647327600"; d="scan'208,217";a="257049651" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 May 2022 05:22:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,262,1647327600"; d="scan'208,217";a="632594665" Received: from orsmsx606.amr.corp.intel.com ([10.22.229.19]) by fmsmga008.fm.intel.com with ESMTP; 30 May 2022 05:22:17 -0700 Received: from orsmsx603.amr.corp.intel.com (10.22.229.16) by ORSMSX606.amr.corp.intel.com (10.22.229.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Mon, 30 May 2022 05:22:16 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Mon, 30 May 2022 05:22:16 -0700 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.169) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Mon, 30 May 2022 05:22:16 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BsqlxEwLs3kbHqrE9KdcSjDa55/7U0DwC9MEz69jUeEaHGDe1PkUyjtLY5QueCREhwI+MDQO3wtUUpJUQRQPbTBZfQhMlEjZ6B4BcB35fFl6TMF9Jkbk+UeZne+h/wvYfbOwch4u70OQiroXs5hCYIfWONmIHyG6UewP7M9UN1ejOW+ylKQhFh+eXGhBJXl6cwicoF6RRo7JjXmd3hh8VrH2yLY+f53F+IVIisCXnQB29usjkAG0axnTi4gJHfnr6zwUebG9+qd4DBBdMmAf1J2EJyVjFier5ycVZqvx+/fYdBmBEjrLICa8UeFPPQa8tieuuxp8We9Uom6pBjTSvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lbJW2R6yd3U3+QFix0uUuMs+UNPU6xsj2/047l2QGJU=; b=K4TbxSSx8iKk4br5FVUnWmr63yfzGIEeWwxpJXNglDNm5NIkuJtt69bOYrK1kk+JAkSe6loVmYy6HgSkHUqg1fttYTguHH6rIHHnR/lxq7IXdofDn7fXDde44zL8ZDIMnSf8O4p9SW1UXZCIswPa9TEyB4nYTQ04u9UrKnlBu1GsGlCI7JqM2if1AH/EIKUx5vi6q1G8nmMASf4Ytt67P4I62sgt+fHjTP1HvlEFO5jwuhNaPxdmwVOEdCvPh8sxEorufVzI8G7+WRy9uAPq+sLcvMGL0vz9J+JAeKviF3b6NetyU2lYQl5FbcYdXtHCyLsEPc5z15VecW5f2kvVmw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from PH0PR11MB5013.namprd11.prod.outlook.com (2603:10b6:510:30::21) by MN2PR11MB4646.namprd11.prod.outlook.com (2603:10b6:208:264::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.13; Mon, 30 May 2022 12:22:15 +0000 Received: from PH0PR11MB5013.namprd11.prod.outlook.com ([fe80::c1de:722f:b4f3:91b5]) by PH0PR11MB5013.namprd11.prod.outlook.com ([fe80::c1de:722f:b4f3:91b5%3]) with mapi id 15.20.5293.019; Mon, 30 May 2022 12:22:15 +0000 From: "Kusztal, ArkadiuszX" To: Balakrishnan K , "users@dpdk.org" Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption Thread-Topic: how to use crypto openssl PMD for asymmetric encryption and decryption Thread-Index: Adhul7L76HpVKxCxQgm6OmL7h9++VgACBMowACMLKYAACHjIQAAGYdCQAC24WYAAASZVAAD+ROEAAACJjOA= Date: Mon, 30 May 2022 12:22:15 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_ActionId=1e9b2051-9f45-4073-b7f5-e6b509538b52; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_ContentBits=0; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_Enabled=true; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_Method=Privileged; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_Name=General-Test; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_SetDate=2022-05-23T11:32:59Z; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_SiteId=20210462-2c5e-4ec8-b3e2-0be950f292ca; dlp-reaction: no-action dlp-version: 11.6.500.17 dlp-product: dlpe-windows authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 1f2a0d2f-fba9-4770-c4c9-08da4237082d x-ms-traffictypediagnostic: MN2PR11MB4646:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 1y5p7Nmjx/cbwW+aG4N+7I9iLmfhrVQI+GPDG5OChvJMufl0F1xnBLO35TVYwyFIoGHwcrw0mfyvsImobxoWSnXf1SNitBNv6LcOSc9tIdTDAUpd3kkRK/2vDMTHR6WGKmyvPPKjHSpadsaIz+dwF+vaXhvdL6wyWPGYPp8Tvm4Q0ptBzEq+pAN4DVQp8FJZXsraOpJnlTz+VuOsBIVemCo1iAftPMoVjmCSFUSdd1zSYrxssBZm3vQU0APCAghQob1bx+LJr0AzG9Qad4vVvzW4VT4MwsuPCHs8fdJ5BHcvyAm8G62oyaRzzG3/1BKVNy5tqjOaAiiuFIfon74DN9PzA+fOsLNNICBQq/aib9mAZ63NNKBwuPXZuXcEPJTjxbbfS/SpKMSia/zAhcQLVoCg5qLY6gB2tMsYWCSW/WpHUDAw6ICv0OeGTatEq47SLtPBRZueBMM12E6+oI5VMoaSNcpKUS0Utf7b00FNVwEtbyeHuKJjbPkVemVXhazqJ/nvPNIKjYTcwaCrEf3oGdR8f8e6a0tAz0ZjVh51o2mkOnh/s5uJUR9Fa/XJhOko1SZ89HuEly1lll5Nc/qwej1LqgDQwiueZq8ylQczaeOliPVipsBYyGid018u9lLjW2uwD1YBio3rnldQD09NUE6fliKdMEEF5ERyuOo6Th9sg/YgsLr3TPd+WlhgtRHrumAS1kKqGQ3J9QFelG5wZgxPpMzs2Ec5/YdScbgNbNy/aH/W3nunGS4a/J17VC3dpkwk08VGEnfQ7rAM2mbrvFG0tN9bzhPJi6P0Tt38xYQ= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB5013.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(64756008)(66556008)(66476007)(33656002)(110136005)(508600001)(66946007)(66446008)(186003)(76116006)(966005)(122000001)(83380400001)(55016003)(38070700005)(2906002)(38100700002)(86362001)(82960400001)(6506007)(7696005)(26005)(9686003)(166002)(71200400001)(52536014)(5660300002)(8936002)(53546011)(316002)(8676002); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?peZwaoWXVNajNdIZL9XvKhpFYN9+b787OJsIz+CqN9s7gb9NPbA3rFH2V2Yz?= =?us-ascii?Q?9jmDQE260VjI48QMDlGf5bMhV7RVAwj7upJPLLDMNOTvTFsBRTWd0aSXVHPJ?= =?us-ascii?Q?jAMux5u030n2tO7sVu7Q3CdonHBB0EeKR5JBuBNNOz1c9uoDIHmftr7YXQq6?= =?us-ascii?Q?tsTRA3UvFk1B3/rOFPQsfM5aNHuLFw4l78/QRCCZRG0JGmwAZZo6fasx0SL3?= =?us-ascii?Q?tYPv7xV41tCYaiTHsHnjOqQIWsb3s4Os4V68FoL/oDLixoIbsFM820eiS3d0?= =?us-ascii?Q?YjN4OLjLiV5HVK58VCtyRdUpamJlaozoZ2bQOBlqI8s/Yt1c13F+FBa9DZr4?= =?us-ascii?Q?MyyDp/DCOqD2xsfA7uKXHNBhtAcmJoji17HL6Dl7zaUZJO41MiTzz6iPoLWG?= =?us-ascii?Q?kXis1kqhZzh9XA9MRMMHgLg8MJe1QyUhCMFHx8MTJr7LKH+a5LWZ2fjClnW9?= =?us-ascii?Q?Cf4e85z8gyQ8UEhv9t4aMXilElEpaP98ab38YLtd6W7BbG5JidCo2sezrfuX?= =?us-ascii?Q?Ti8ytiL+qVlrbZ9nCxo02le554KcYRZfP/xrHE7U67kAnu60iHFWsk+YKk8b?= =?us-ascii?Q?Iq3GwnUmNSD1pm8Vajh/rzEPuCtvGimhK82FXedQqE2olIB2GgIehMYS+l/3?= =?us-ascii?Q?8Zq4LrLzKcHgzTEv/LkJd8r3rWZFcXKocaG3ZalDdsjaEFOBDg6gBvJvGfQ4?= =?us-ascii?Q?40royJM7tYBgti+Quau6kumZS7JfNXx+D+VHBL3SdQhlQkhL3uY/CVSpqcXv?= =?us-ascii?Q?UgsNDWKzIOI2xQNlobw37AzZoQN1XUWuvglzuZZCC/TNrVKOYm4zVqfGBESn?= =?us-ascii?Q?AMAVf9Rs0OHxub3uAcm8Rqa0qDZdoqZpQ5jimZeruOXpJdMTON9M5/pDhxKE?= =?us-ascii?Q?yH+RbxwqYFDE/tAT7S/HpdkuZ6Zacahg2uusoqmuGQcPQ+/ozSwO0zDL58u3?= =?us-ascii?Q?fJZwpXLxYSFKKLGxZRJz59VIscPwq2nN17axk8mq6cYgY7oljbDa1H9jm0u1?= =?us-ascii?Q?NPyanQB5t8yGrljGSGKfw7q9dwfLPjMtD6vcU/Vpv00RFl4wVOI98uK96yz7?= =?us-ascii?Q?SRB0hYgXtb+sMoe+86xIEJrOg/iHCIQ2oQk469KYiFg8m9PCOOULtabZ8ye6?= =?us-ascii?Q?JK+5+em++JIiPJ5z8xZQVNWHIeJge9z8kJDErgyEaqyEZADmnivJbd7lkXrc?= =?us-ascii?Q?hkwORfohg5w1ywVE++epdK2d39vm2Z6ImIBH5jeQp9QRtxuIaHermkYA/u1V?= =?us-ascii?Q?b0+NeS48dFc8eI+rlk1dW5sMSIX7uuqVLQ6Ex0stpZLJDnb/6cM2lOKPT4ip?= =?us-ascii?Q?oR3YuBnH/0BDKhCp+qJQoAg+0e0VZDmrug3G+qjErR5F6QgEE48c1vbUmZG5?= =?us-ascii?Q?jL/lvXuHrKN3SA+b+W4BKCgJ3cEooMd+QZ1K/0uqZD/5KfFOggIE9rXmhrrB?= =?us-ascii?Q?CvAcbTJ8/bTV5YMnatDMHTRtRQGE83xffIxmhBXJCXJTMBnme40MPc1brMZm?= =?us-ascii?Q?Gpor+yC97JPngvG2TxKt6LSlF6bxywbM0NjUm1oDqzunETtTlDvEI0CaYVeZ?= =?us-ascii?Q?RDjnU+XrNlqeZPp0O8xIgXl8BE7OYCqr7iocoXocDMPPJ2J7R+0ZTIee8yf2?= =?us-ascii?Q?Ae+QvV+zu16jGuQTm49fv6vRXmvcypfpOpNP4yeol5Hv9zzXvzZns3Zs+an4?= =?us-ascii?Q?3XPQGGpssR1LmbFMxzzJNCBGCI4Orpecer7Sr8cL7ON3Ami66w5U0ZfJl3vH?= =?us-ascii?Q?BAkayfFUCRavWrEitbo4if+DSvjQI5M=3D?= Content-Type: multipart/alternative; boundary="_000_PH0PR11MB5013F2343607BD0D102493DF9FDD9PH0PR11MB5013namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5013.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1f2a0d2f-fba9-4770-c4c9-08da4237082d X-MS-Exchange-CrossTenant-originalarrivaltime: 30 May 2022 12:22:15.3572 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: RtYQ3zGYyxmf+Ljw+S+Kbehj4hkPl6L3nMaDhGQWIdnQ9nlYqpduhAQum5Qm4SPhlQNegX4uewkYO6T6QxiU9Ps8e6bhiXK3HSHl3iVILZ0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4646 X-OriginatorOrg: intel.com X-BeenThere: users@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK usage discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: users-bounces@dpdk.org --_000_PH0PR11MB5013F2343607BD0D102493DF9FDD9PH0PR11MB5013namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable For the Asym Cryptodev data to be encrypted it totally opaque -> it does no= t hold any information about data provided by the user, except for the algo= rithm parameters of course. So for example for the RSA, data that "asym_op-= >rsa.message.data" points to, will be encrypted up to the size of "asym_op-= >rsa.message.length" (provided size is in scope of possible encryption size= s) regardless if it is TLS or IKE or anything else. From: Balakrishnan K Sent: Monday, May 30, 2022 1:59 PM To: Kusztal, ArkadiuszX ; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, Thanks for your inputs. I wrote the sample application to encrypt the text from a file also decrypt= ing the same. Now next step is to encrypt the incoming packets. I have one basic doubt. During rte_cryptodev_enqueue_burst call with operat= ion type as RTE_CRYPTO_ASYM_OP_ENCRYPT. For the incoming packet. what is being encrypted ,Is it entire packet or the payload(data section) ? Regards, Bala From: Kusztal, ArkadiuszX > Sent: 25 May 2022 16:13 To: Balakrishnan K >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Bala, To fill the below struct do I need to extract Publickey exponent , Private = key exponent etc. [Arek] - yes, you need to convert keys into big-endian unsigned integer. In the file "test_cryptodev_rsa_test_vectors.h" there are few examples. Regards, Arek From: Balakrishnan K > Sent: Wednesday, May 25, 2022 12:08 PM To: Kusztal, ArkadiuszX >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, I have public and private key with me which can be used for encryption/= decryption. To fill the below struct do I need to extract Publickey exponent , Private = key exponent etc. The reason why I am asking is, in openssl for encryption we will use key di= rectly with the exposed API. Example : RSA_private_encrypt(strlen(msg), (unsigned char *)msg, encrypted, rsa, RSA_= PKCS1_PADDING); Here in dpdk the rsa struct looks different . Thanks in advance. struct rte_crypto_rsa_xform { rte_crypto_param n; /**< n - Modulus * Modulus data of RSA operation in Octet-string network * byte order format. */ rte_crypto_param e; /**< e - Public key exponent * Public key exponent used for RSA public key operations in Octet- * string network byte order format. */ enum rte_crypto_rsa_priv_key_type key_type; __extension__ union { rte_crypto_param d; /**< d - Private key exponent * Private key exponent used for RSA * private key operations in * Octet-string network byte order format. */ struct rte_crypto_rsa_priv_key_qt qt; /**< qt - Private key in quintuple format */ }; }; Regards, Bala From: Balakrishnan K Sent: 24 May 2022 17:42 To: Kusztal, ArkadiuszX >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, Thanks for the detailed explanation. Regards, Bala From: Kusztal, ArkadiuszX > Sent: 24 May 2022 14:44 To: Balakrishnan K >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption I should use debug_hexdump(stdout, "encrypted message", asym_op->rsa.cipher.data, asym_op->rsa.cipher.length); to check the encrypted message for the input given? Yes, currently it works this way. The same way output for decryption will b= e placed in asym_op->rsa.message.data and input in asym_op->rsa.cipher.data= . More explanations can be found in rte_crypto_asym.h file https://doc.dpdk.org/api/structrte__crypto__rsa__op__param.html. From: Balakrishnan K > Sent: Tuesday, May 24, 2022 7:24 AM To: Kusztal, ArkadiuszX >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, Thanks for quick response. I am using resulted output vector to verify the encrypted message. I thought the encrypted data will be in the asym_op->rsa.message.data after= rte_cryptodev_enqueue_burst and rte_cryptodev_enqueue_burst call with oper= ation type RTE_CRYPTO_ASYM_OP_ENCRYPT. So ,I checked the hex_dump of asym_op->rsa.message.data. Code snippet: asym_op =3D result_op->asym; debug_hexdump(stdout, "encrypted message", asym_op->rsa.message.data, asym_op->rsa.message.length); Encrypted data will be placed in asym_op->rsa.cipher.data after crypto oper= ation is my understanding is correct ? I should use debug_hexdump(stdout, "encrypted message", asym_op->rsa.cipher.data, asym_op->rsa.cipher.length); to check the encrypted message for the input given? Regards, Bala From: Kusztal, ArkadiuszX > Sent: 23 May 2022 18:15 To: Balakrishnan K >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption CAUTION: This email originated from outside of the organization. Do not cli= ck links or open attachments unless you recognize the sender and know the c= ontent is safe. Hi Bala, Ciphertext will be written into asym_op->rsa.cipher.data (not message.data)= by the PMD, here you are using same address for both hex dumps. Although there is a bug in debug_hexdump in this function which may cause t= his confusion. Plus, the test you are referring is PWCT test (Pairwise conditional test) -= > it will encrypt, then decrypt. Please take a look into this comment in queue_ops_rsa_enc_dec function: /* Use the resulted output as decryption Input vector* So above this line there is an encryption part. Below is decryption. Regards, Arek From: Balakrishnan K > Sent: Monday, May 23, 2022 1:33 PM To: users@dpdk.org Subject: how to use crypto openssl PMD for asymmetric encryption and decryp= tion Hi All, I am new to dpdk. Planning to use openssl crypto PMD for encrypting/decr= ypting the packets. Couldn't find much documents on openssl PMD for asymmetric encryption/decry= ption. Any one please point me in the right document. I have tried to run the test cases wrote for asymmetric crypto using openss= l virtual PMD. But the output of particular test case is same after the encryption done. File : app/test/test_cryptodev_asym.c Test executable: ./app/test/dpdk-test Test case : test_rsa_enc_dec Input given to encryption: message at [0x1894e60], len=3D20 00000000: F8 BA 1A 55 D0 2F 85 AE 96 7B B6 2F B6 CD A8 EB | ...U./...{./...= . 00000010: 7E 78 A0 50 | ~x.P After processing the output also looks like same : encrypted message exist at [0x1894e60], len=3D20 00000000: F8 BA 1A 55 D0 2F 85 AE 96 7B B6 2F B6 CD A8 EB | ...U./...{./...= . 00000010: 7E 78 A0 50 Regards, Bala --_000_PH0PR11MB5013F2343607BD0D102493DF9FDD9PH0PR11MB5013namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

For the Asym Cryptodev data to be encrypted it total= ly opaque -> it does not hold any information about data provided by the= user, except for the algorithm parameters of course. So for example for the RSA, data that “asym_op->rsa.me= ssage.data” points to, will be encrypted up to the size of “asy= m_op->rsa.message.length” (provided size is in scope of possible e= ncryption sizes) regardless if it is TLS or IKE or anything else.<= /span>

 

 

 

From: Balakrishnan K <Balakrishnan.K1@tata= communications.com>
Sent: Monday, May 30, 2022 1:59 PM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@= dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

    Thanks for your inputs.

I wrote the sample application to encrypt the text f= rom a file also decrypting the same.

Now next step is to encrypt the incoming packets.

I have one basic doubt. During rte_cryptodev_enqueue= _burst call with operation type as RTE_CRYPTO_ASYM_OP_ENCRYPT.

For the incoming packet.

what is being encrypted ,Is it entire packet or the = payload(data section) ?

 

Regards,

Bala

 

From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
Sent: 25 May 2022 16:13
To: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Bala,

 

To fill the below struct do I n= eed to extract Publickey exponent , Private key exponent etc.

[Arek] – yes, you need to convert keys into bi= g-endian unsigned integer.

In the file “test_cryptodev_rsa_test_vectors.h= ” there are few examples.

 

Regards,

Arek

 

 

From: Balakrishnan K <Balakrishnan.K1@tatacommunications.co= m>
Sent: Wednesday, May 25, 2022 12:08 PM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

    I have publi= c and private key with me which can be used for encryption/decryption.=

 

To fill the below struct do I n= eed to extract Publickey exponent , Private key exponent etc.

The reason why I am asking is, = in openssl for encryption we will use key directly with the exposed API.

Example :

 

RSA_private_encrypt(strlen(msg), (unsigned char *)msg, encr= ypted, rsa, RSA_PKCS1_PADDING);

 

Here in dpdk the rsa struct loo= ks different .

 

Thanks in advance.

 

struct rte_crypto_rsa_xform {

rte_crypto_param n;<= /span>

     &= nbsp;  /**< n - Modulus

     &= nbsp;   * Modulus data of RSA operation in Octet-string network

     &= nbsp;   * byte order format.

     &= nbsp;   */

 

     &= nbsp;  rte_crypto_param e;

     &= nbsp;  /**< e - Public key exponent

     &= nbsp;   * Public key exponent used for RSA public key operations = in Octet-

     &= nbsp;   * string network byte order format.

     &= nbsp;   */

 

     &= nbsp;  enum rte_crypto_rsa_priv_key_type key_type;

 

     &= nbsp;  __extension__

     &= nbsp;  union {

     &= nbsp;          rte_crypto_para= m d;

     &= nbsp;          /**< d - Pri= vate key exponent

     &= nbsp;           * Private= key exponent used for RSA

     &= nbsp;           * private= key operations in

     &= nbsp;           * Octet-s= tring  network byte order format.

     &= nbsp;           */

 

     &= nbsp;          struct rte_cryp= to_rsa_priv_key_qt qt;

     &= nbsp;          /**< qt - Pr= ivate key in quintuple format */

     &= nbsp;  };

};

 

 

Regards,

Bala

From: Balakrishnan K
Sent: 24 May 2022 17:42
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

  Thanks for the detailed explanation.

 

Regards,

Bala

 

From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
Sent: 24 May 2022 14:44
To: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

I should use 
debug_hexdump(stdout, "encrypted message", asym_op->rsa.c=
ipher.data,
           &nbs=
p;          asym_op->rsa.ci=
pher.length);
to check the encrypted message for the input given?

 

Yes, currently it works this way. The same way outpu= t for decryption will be placed in asym_op->rsa.message.data and input i= n asym_op->rsa.cipher.data.

More explanations can be found in rte_crypto_asym.h = file

https://doc.dpdk= .org/api/structrte__crypto__rsa__op__param.html.

 

From: Balakrishnan K <Balakrishnan.K1@tatacommunications.co= m>
Sent: Tuesday, May 24, 2022 7:24 AM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

   Thanks for quick response.

I am using resulted output vector to verify the encr= ypted message.

I thought the encrypted data will be in the asym_op->rsa.message.d=
ata after rte_cryptodev_enqueue_burst and rte_cryptodev_enqueue_burst call =
with operation type RTE_CRYPTO_ASYM_OP_ENCRYPT.
So ,I checked the hex_dump of asym_op->rsa.message.data.
 
Code snippet:
asym_op =3D result_op->asym;
debug_hexdump(stdout, "encrypted message", asym_op->rsa.m=
essage.data,
           &nbs=
p;          asym_op->rsa.me=
ssage.length);
 
 
 
Encrypted data will be placed in asym_op->rsa.cipher.=
data after crypto operation is my understanding is correct ?

I should use 


debug_hexdump(stdout, "encrypted message", asym_op->rsa.c=
ipher.data,


           &nbs=
p;          asym_op->rsa.ci=
pher.length);


to check the encrypted message for the input given?


 


 


Regards,


Bala 


 


 






From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>


Sent: 23 May 2022 18:15

To: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>;
users@dpdk.org

Subject: RE: how to use crypto openssl PMD for asymmetric encryption=
 and decryption






 




CAUTION: This email =
originated from outside of the organization. Do not click links or open att=
achments unless you recognize the sender
 and know the content is safe. 






Hi Bala,


 


Ciphertext will be written into asym_op->rsa.ciph=
er.data (not message.data) by the PMD, here you are using same address for =
both hex dumps.


Although there is a bug in debug_hexdump in this fun=
ction which may cause this confusion.


 


Plus, the test you are referring is PWCT test (Pairw=
ise conditional test) -> it will encrypt, then decrypt.


Please take a look into this comment in queue_ops_rs=
a_enc_dec function:


/* Use the resulted output as decryption Input vecto=
r*


So above this line there is an encryption part.=



Below is decryption.     &n=
bsp;     


 


Regards,


Arek


 








From: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>


Sent: Monday, May 23, 2022 1:33 PM

To: users@dpdk.org

Subject: how to use crypto openssl PMD for asymmetric encryption and=
 decryption






 


Hi All,


   I am new to dpdk. Planning to use opens=
sl crypto PMD for encrypting/decrypting  the packets.


Couldn’t find much documents on openssl PMD fo=
r asymmetric encryption/decryption.


Any one please point me in the right document.<=
/o:p>


 


I have tried to run the test cases wrote for asymmet=
ric crypto using openssl virtual PMD.


But the output of particular test case is same after=
 the encryption done.


 


File : app/test/test_cryptodev_asym.c


Test executable: ./app/test/dpdk-test


Test case : test_rsa_enc_dec


    


Input given to encryption:    =
;          


message at [0x1894e60], len=3D20


00000000: F8 BA 1A 55 D0 2F 85 AE 96 7B B6 2F B6 CD =
A8 EB | ...U./...{./....


00000010: 7E 78 A0 50     &=
nbsp;           &nbs=
p;            &=
nbsp;      | ~x.P


 


After processing the output also looks like same =
:


encrypted message exist at [0x1894e60], len=3D20


00000000: F8 BA 1A 55 D0 2F 85 AE 96 7B B6 2F B6 CD =
A8 EB | ...U./...{./....


00000010: 7E 78 A0 50


 


 


Regards,


Bala
--_000_PH0PR11MB5013F2343607BD0D102493DF9FDD9PH0PR11MB5013namp_--