DPDK patches and discussions
 help / color / mirror / Atom feed
From: Ramkumar Balu <rbalu@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>,
	"Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>,
	Anoob Joseph <anoobj@marvell.com>,
	"Zhang, Roy Fan" <roy.fan.zhang@intel.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>
Subject: RE: [RFC] cryptodev: asymmetric crypto random number source
Date: Mon, 13 Dec 2021 09:27:05 +0000	[thread overview]
Message-ID: <DM5PR1801MB2074FF44331E678100C001F6B0749@DM5PR1801MB2074.namprd18.prod.outlook.com> (raw)
In-Reply-To: <CO6PR18MB4484EFAA0A3347AC32E30F82D8749@CO6PR18MB4484.namprd18.prod.outlook.com>

> ++Ram for openssl
> 
> > ECDSA op:         
> >        rte_crypto_param k;
> >               /**< The ECDSA per-message secret number, which is an integer
> >               * in the interval (1, n-1)
> >               */
> > DSA op:
> >               No 'k'.
> >
> > This one I think have described some time ago:
> > Only PMD that verifies ECDSA is OCTEON which apparently needs 'k' provided by user.
> > Only PMD that verifies DSA is OpenSSL PMD which will generate its own random number internally.
> >
> > So in case PMD supports one of these options (or especially when supports both) we need to give some information here.

We can have a standard way to represent if a particular rte_crypto_param is set by the application or not.  Then, it is up to the PMD to perform the op or return error code if unable to proceed.

> >
> > The most obvious option would be to change rte_crypto_param k -> rte_crypto_param *k
> > In case (k == NULL) PMD should generate it itself if possible, otherwise it should push crypto_op to the response ring with appropriate error code.

This case could occur for other params as well. Having a few as nested variables and others as pointers could be confusing for memory alloc/dealloc. However, the rte_crypto_param already has a data pointer inside it which can be used in same manner. For example, in this case (k.data == NULL), PMD should generate random number if possible or push to response ring with error code. This can be done without breaking backward compatibility.
This can be the standard way for PMDs to find if a particular rte_crypto_param is valid or NULL.

> >
> > Another options would be:
> > - Extend rte_cryptodev_config and rte_cryptodev_info with information about random number generator for specific device (though it would be ABI breakage)
> > - Provide some kind of callback to get random number from user (which could be useful for other things like RSA padding as well)

I think the previous solution itself is more straightforward and simpler unless we want to have functionality to configure random number generator for each device.

Thanks,
Ramkumar Balu



  reply	other threads:[~2021-12-13  9:27 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-03 10:03 Kusztal, ArkadiuszX
2021-12-13  8:14 ` Akhil Goyal
2021-12-13  9:27   ` Ramkumar Balu [this message]
2021-12-17 15:26     ` Kusztal, ArkadiuszX

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DM5PR1801MB2074FF44331E678100C001F6B0749@DM5PR1801MB2074.namprd18.prod.outlook.com \
    --to=rbalu@marvell.com \
    --cc=anoobj@marvell.com \
    --cc=arkadiuszx.kusztal@intel.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=roy.fan.zhang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).