From: Matan Azrad
To: Akhil Goyal, "dev@dpdk.org"
CC: "akhil.goyal@nxp.com", Declan Doherty, Somalapuram Amaranath, Ruifeng Wang, Ajit Khaparde, Anoob Joseph, Fan Zhang, John Griffin, Pablo de Lara, Michael Shamis, Nagadheeraj Rottela, Ankur Dwivedi, Gagandeep Singh, Jay Zhou, ArkadiuszX Kusztal, Sasha Kotchubievsky, Oren Duer, Shiri Kuzin
Date: Tue, 6 Apr 2021 10:49:53 +0000
Subject: Re: [dpdk-dev] [PATCH] cryptodev: formalize key wrap method in API
List-Id: DPDK patches and discussions

From: Akhil Goyal
> > Hi Akhil
> >
> > From: Akhil Goyal
> > > Hi Matan,
> > >
> > > > The Key Wrap approach is used by applications in order to protect
> > > > keys located in untrusted storage or transmitted over untrusted
> > > > communications networks. The constructions are typically built
> > > > from standard primitives such as block ciphers and cryptographic
> > > > hash functions.
> > > >
> > > > The Key Wrap method and its parameters are a secret between the
> > > > keys provider and the device, means that the device is
> > > > preconfigured for this method using very secured way.
> > > >
> > > > The key wrap method may change the key length and layout.
> > > >
> > > > Add a description for the cipher transformation key to allow
> > > > wrapped key to be forwarded by the same API.
> > > >
> > > > Signed-off-by: Matan Azrad
> > > > ---
> > >
> > > How will the driver gets notified whether the key is wrapped or not?
> > > The driver would expect the keys are as per the capabilities exposed.
> > > If it does not check as per the capabilities, how will it identify a
> > > bad Key len and
> > > the wrapped key length?
> >
> > As I wrote, the device is preconfigured to the key wrapping mode in
> > very secured way.
> > No one knows this secret except the device and the key provider
> > (outside the crypto lib and dpdk application).
> > The driver may know something but not necessarily.
> > If the device validation to the key is failed, the driver will return
> > an error to the app.
> >
> Shouldn't this be a capability/feature flag whether it can be supported by the
> underlying Driver or not?

Makes sense to me.

> I am not saying that the driver should know the details of the wrapping mode.
> But it can be asked, whether it support this wrapping mode or not?

It can say that it support key wrapping - no more than that.
What do you think?

>
> >
> > > > lib/librte_cryptodev/rte_crypto_sym.h | 7 +++++++ > > > > 1 file changed, 7 insertions(+) > > > > > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > > > > b/lib/librte_cryptodev/rte_crypto_sym.h > > > > index 5973e31..6aca2c7 100644 > > > > --- a/lib/librte_cryptodev/rte_crypto_sym.h > > > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h 
> > > > @@ -200,6 +200,13 @@ struct rte_crypto_cipher_xform { > > > > uint16_t length; /**< key length in bytes */ > > > > } key; > > > > /**< Cipher key > > > > + * The original key data may be provided wrapped (encrypted) > > > > + using > > > > a key > > > > + * wrap algorithm such as AES key wrap (from rfc3394) or othe= r. > > > > + In > > > > such > > > > + * case, the wrapping details is a secret between the key pro= vider and > > > > + * the device. Such key wrapping may increase the length of > > > > + the > > > > provided > > > > + * key beyond the advertised supported key size. Hence it is = the > > > > + * responsibility of the driver/device to validate the length= of the > > > > + * provided key. > > > > * > > > > * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, > > > > key.data will > > > > * point to a concatenation of the AES encryption key > > > > followed by a > > > > -- > > > > 1.8.3.1
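
Review bot: The new text in the `key` comment never says what `key.length` means for a wrapped key, while the field is still documented only as "key length in bytes"; state explicitly that it is the length of the data as provided (the wrapped form), not of the underlying cipher key. Nothing in `struct rte_crypto_cipher_xform` lets a driver tell a wrapped key from an ordinary key of the wrong size, so "it is the responsibility of the driver/device to validate the length" leaves open what a driver without wrapping support should do with an oversized key; the comment should say that such a key is rejected with an error, and the capability/feature flag raised in the discussion should be referenced here so an application can check for support before passing a wrapped key. Minor wording: "the wrapping details is a secret" should read "are a secret", and "rfc3394" is better written "RFC 3394".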