Re: [dpdk-dev] [PATCH v1 0/2] declare crypto asym xform immutable

["Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>]

Hi all,
What is the state of this patch, is it intended for 19.11 release?
I would also propose to extend .rst comments to session-less case too like in this thread below (with [AK]).
Regards,
Arek
________________________________
From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com<mailto:arkadiuszx.kusztal@intel.com>>
Sent: 25 July 2019 19:57
To: Shally Verma <shallyv@marvell.com<mailto:shallyv@marvell.com>>; Anoob Joseph <anoobj@marvell.com<mailto:anoobj@marvell.com>>; Ayuj Verma <ayverma@marvell.com<mailto:ayverma@marvell.com>>; akhil.goyal@nxp.com<mailto:akhil.goyal@nxp.com> <akhil.goyal@nxp.com<mailto:akhil.goyal@nxp.com>>
Cc: Sunila Sahu <ssahu@marvell.com<mailto:ssahu@marvell.com>>; Kanaka Durga Kotamarthy <kkotamarthy@marvell.com<mailto:kkotamarthy@marvell.com>>; dev@dpdk.org<mailto:dev@dpdk.org> <dev@dpdk.org<mailto:dev@dpdk.org>>; Trahe, Fiona <fiona.trahe@intel.com<mailto:fiona.trahe@intel.com>>
Subject: RE: [PATCH v1 0/2] declare crypto asym xform immutable

Hi All,

> > > I believe there are couple of issues with this patch.
> > >
> > > Are these experimental APIs? I believe they were made stable this
> > > release and I'm not sure if it is a right practice to edit an API
> > > without deprecation notice after it is made stable. Especially now
> > > that RC2 is done. @Akhil, what is your take on this?
> > > [Shally] These are experimental still, hence no deprecation notice.
> > > We checked about it with Fiona, Akhil before.
> >
> > [Anoob] In the patch, the edited APIs doesn't have experimental tag. I
> > leave it to Akhil's judgement on this.
> >
> > >
> > > I think, the approach here is wrong. If the lifetime of the session
> > > is expected to be only few packets, then session-less (which I
> > > believe is in the pipeline) would make more sense.
> > > [Shally] See my response further below on this.
> > >
> > > If the lifetime of the session is expected to be more than that,
> > > then having this feature/limitation would make application more
> > > complicated. Also, since one asymmetric session can hold both public
> > > & private keys, the implicit assumption would be, the session can be
> > > used for multiple kinds of operations. This change is in
> > > contradiction with
> > that.
> > > [Shally] Why the contradiction here? There's no change in session
> > > usage from current version. Currently too, once keys are set on
> > > asymmetric session, they are used with multiple operations using
> > > that sessions, example - once RSA xform is set with keys, then one
> > > can perform sign/verify/enc/dec. So, I don't see any change in that
> > > notion with this proposal. All we are changing is, PMD which does
> > > not need to store keys in specific format (like openssl PMD), can
> > > just hold app buffer pointer till session-lifetime (eventually
> > > giving same effect as sessionless). It will help such PMDs to
> > > optimize their session setup time by
> > avoiding unnecessary memcpy of keys buffers.
> >
> > [Anoob] Contradiction is in the sense of what is a session. Here we
> > are saying one session can have SIGN & VERIFY, but the lifetime  of
> > the session is assumed to be "short".
> [Shally] No. we only said, Session will only have keys (which is in xform) with
> which SIGN & VERIFY will be performed during enqueue.
> As long as there're operations to be performed using data set in session,
> session data should not be manipulated.
[AK] - we need to keep in mind that if we will copy user private key inside our internal structs,
It will be stored in two places in the same time, making it more vulnerable, that's why I have asked about session lifetime.
At least we could inform user of this when PMD copy data internally.
Of course usually this data need to be copied anyway for op lifetime (because of some padding/alignement requirements hw may have).

>
> >
> > >
> > > But my major concern is how this can lead to accidental errors.
> > > Making the argument as const will mean the API won't edit its
> > > contents. But if there is a pointer in that (key happens to be a
> > > pointer inside the xform), having const for xform will not help.
> > > This is my understanding. Please correct me if I'm wrong.
> > > [Shally] This spec says " xform and its buffers remain constant" .
> > > So, intention is to state to apps that buffer passed to xform should
> > > be const in nature and that they should not modify it.
> >
> > [Anoob] The current change could break existing applications. And the
> > compiler will not be able to detect it.
> >
> [Shally] Application would need to be changed to make sure this criteria is
> met. We took care to check same in asym unit test app while proposing
> change.
>
> > >
> > > Also, I could have the xform allocated from stack (non const,
> > > regular local
> > > variable) and then call the session_init. Would compiler throw an
> > > issue in that case? I doubt so.
> > >
> > > void abc(const int t)
> > > {
> > >         printf("%d\n", t);
> > > }
> > >
> > > void main()
> > > {
> > >         int t = 0;
> > >         abc(t);
> > >         t = 2;
> > >         abc(t);
> > > }
> > >
> > > To summarize, if this assumption is accepted, then compiler will not
> > > be able to ensure it. And to properly use it, application will have
> > > to be drafted differently. And when similar effect can be achieved
> > > by having session-less, this seems redundant.
> > > [Shally]  Compiler may or may not warn on typecast error here.
> >
> > [Anoob] May or may not be?
> >
> [Shally] Yes. Depending on compiler version type or optimization level.
> Havent given try to all.

[AK] Integers conversions are not good example as integers in C are governed by different rules than pointers.
In terms of this
-                       struct rte_crypto_asym_xform *xforms,
+                       const struct rte_crypto_asym_xform *xforms,
No compiler should complain about that as per spec: for any qualifier q, a pointer to a non-q-qualified type may be converted to a pointer to
the q-qualified version of the type.
We of course expect user will not change this data when there are still ops to be enqueued with this xform.
[AK] - This note could be added to the session-less case.
[Ayuj] Yes, also can't do below :

                          const struct rte_crypto_asym_xform *xform;

                          struct rte_crypto_modex_xform *xfrm = &(xform->modex);

          it should needs to be const for both which will ensure its sanity :

                          const struct rte_crypto_asym_xform *xform;

                          const struct rte_crypto_modex_xform *xfrm = &(xform->modex);

>
> > > That's why
> > > spec and documentation are put in place to ensure that application
> > > don't reuse them or destroy them once "xform and its buffers" are
> > > set on
> > session.
> > > And, same will need to be documented about xform for session-less
> > > usage as well.
> >
> > [Anoob] Can you describe how this is required in session-less?
> >
> [Shally] We don't know how every PMD might use them. So, it is safe to mark
> xform and buffers immutable there too.
> So this is my thought but I have asked from POC for sessionless, as it is
> proposal by Arek, am yet to get more feedback on that.
>
> > > Even there, we would ensure that application do not re-use or modify
> > > xform and its buffers until dequeue happen. So, practically I see,
> > > application would have to take of these cases in session-less as well.
> > >
> > > Since in session-based case, xform are set on it than ops, so we're
> > > moving same definition on session. So for PMDs which support
> > > sessions-based implementations ( like ours) , believe it completely
> > > make sense to enable sessions to have sessionless effect.  If we
> > > don't change spec to enable optimization, then we're making
> > > 1-approach slower than other.  PMDs can adopt any approach more
> suitable to them.
> > > But spec could be made flexible to allow them to experiment with
> > > both approaches for performance. Else , PMDs will be forced to
> > > experiment around sessionless which may be eventually be an
> > > unnecessary overhead
> > for them.
> >
> > [Anoob] I get your intention on avoiding the memcpys. But the current
> > changes would make the spec more prone to errors. And if we think we
> > should improve the key handling done in both session & session-less, I
> > would suggest not to rush with this change. We can keep the API
> > experimental and continue improving it to fix this issue for all PMDs more
> cleanly.
> >
> [Shally] There's no rush. It is up and open for feedback.
> This change has an intent to optimize session setup time and since xform
> data is not supposed to change once it is set on session. Only change
> proposed is, why not just use app buffers instead of redundant copy of same
> into PMD buffer.
> if you see better suggestions , please provide.
>
> > >
> > > Thanks
> > > Shally
> > >
> > > So this change is NACK from my side.
> > >
> > > Thanks,
> > > Anoob
> > >
> > > From: Ayuj Verma
> > > Sent: Wednesday, July 24, 2019 2:23 PM
> > > To: mailto:akhil.goyal@nxp.com
> > > Cc: mailto:arkadiuszx.kusztal@intel.com; Shally Verma
> > > <mailto:shallyv@marvell.com>; Sunila Sahu
> > > <mailto:ssahu@marvell.com>; Kanaka Durga Kotamarthy
> > > <mailto:kkotamarthy@marvell.com>; Anoob
> > Joseph
> > > <mailto:anoobj@marvell.com>; mailto:dev@dpdk.org; Fiona Trahe
> > > <mailto:fiona.trahe@intel.com>
> > > Subject: Re: [PATCH v1 0/2] declare crypto asym xform immutable
> > >
> > > +Fiona.
> > > ________________________________________
> > > From: Ayuj Verma <mailto:ayverma@marvell.com>
> > > Sent: 24 July 2019 14:21:55
> > > To: mailto:akhil.goyal@nxp.com <mailto:akhil.goyal@nxp.com>
> > > Cc: mailto:arkadiuszx.kusztal@intel.com
> > > <mailto:arkadiuszx.kusztal@intel.com>; Shally Verma
> > > <mailto:shallyv@marvell.com>; Sunila Sahu
> > > <mailto:ssahu@marvell.com>; Kanaka Durga Kotamarthy
> > > <mailto:kkotamarthy@marvell.com>; Anoob
> > Joseph
> > > <mailto:anoobj@marvell.com>; mailto:dev@dpdk.org
> > > <mailto:dev@dpdk.org>; Ayuj Verma <mailto:ayverma@marvell.com>
> > > Subject: [PATCH v1 0/2] declare crypto asym xform immutable
> > >
> > > Mark asym xform as immutable till lifetime of session. It will save
> > > session setup time for PMDs, which doesn't require any manipulation
> > > of xform data, by directly using these buffers.
> > >
> > > * Updated xform type in session init/configure
> > >   API as constant.
> > > * Updated doc with proper transform description.
> > > * Updated openssl PMD with above changes.
> > >
> > > Ayuj Verma (2):
> > >   lib/crypto: declare crypto asym xform immutable
> > >   crypto/openssl: mark asym xform constant
> > >
> > >  doc/guides/prog_guide/cryptodev_lib.rst      | 10 ++++++++++
> > >  drivers/crypto/openssl/rte_openssl_pmd_ops.c |  8 ++++----
> > >  lib/librte_cryptodev/rte_cryptodev.c         |  2 +-
> > >  lib/librte_cryptodev/rte_cryptodev.h         |  2 +-
> > >  lib/librte_cryptodev/rte_cryptodev_pmd.h     |  2 +-
> > >  5 files changed, 17 insertions(+), 7 deletions(-)
> > >
> > > --
> > > 1.8.3.1