From: Matan Azrad
To: Akhil Goyal, dev@dpdk.org
CC: akhil.goyal@nxp.com, Declan Doherty, Somalapuram Amaranath, Ruifeng Wang, Ajit Khaparde, Anoob Joseph, Fan Zhang, John Griffin, Pablo de Lara, Michael Shamis, Nagadheeraj Rottela, Ankur Dwivedi, Gagandeep Singh, Jay Zhou, ArkadiuszX Kusztal, Sasha Kotchubievsky, Oren Duer, Shiri Kuzin
Date: Tue, 6 Apr 2021 06:20:27 +0000
Subject: Re: [dpdk-dev] [PATCH] cryptodev: formalize key wrap method in API
List-Id: DPDK patches and discussions

Hi Akhil

From: Akhil Goyal
> Hi Matan,
>
> > The Key Wrap approach is used by applications in order to protect keys
> > located in untrusted storage or transmitted over untrusted
> > communications networks. The constructions are typically built from
> > standard primitives such as block ciphers and cryptographic hash
> > functions.
> >
> > The Key Wrap method and its parameters are a secret between the keys
> > provider and the device, means that the device is preconfigured for
> > this method using very secured way.
> >
> > The key wrap method may change the key length and layout.
> >
> > Add a description for the cipher transformation key to allow wrapped
> > key to be forwarded by the same API.
> >
> > Signed-off-by: Matan Azrad
> > ---
>
> How will the driver get notified whether the key is wrapped or not?
> The driver would expect the keys are as per the capabilities exposed.
> If it does not check as per the capabilities, how will it identify a bad Key len and
> the wrapped key length?

As I wrote, the device is preconfigured to the key wrapping mode in a very secured way.
No one knows this secret except the device and the key provider (outside the crypto lib and dpdk application).
The driver may know something but not necessarily.
If the device validation of the key fails, the driver will return an error to the app.

> > lib/librte_cryptodev/rte_crypto_sym.h | 7 +++++++ > > 1 file changed, 7 insertions(+) > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > > b/lib/librte_cryptodev/rte_crypto_sym.h > > index 5973e31..6aca2c7 100644 > > --- a/lib/librte_cryptodev/rte_crypto_sym.h > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > > @@ -200,6 +200,13 @@ struct rte_crypto_cipher_xform { > > uint16_t length; /**< key length in bytes */ > > } key; > > /**< Cipher key > > + * The original key data may be provided wrapped (encrypted) > > + using > > a key > > + * wrap algorithm such as AES key wrap (from rfc3394) or other. > > + In > > such > > + * case, the wrapping details is a secret between the key provide= r and > > + * the device. Such key wrapping may increase the length of the > > provided > > + * key beyond the advertised supported key size. Hence it is the > > + * responsibility of the driver/device to validate the length of = the > > + * provided key. > > * > > * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.data > > will > > * point to a concatenation of the AES encryption key followed > > by a > > -- > > 1.8.3.1
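
Review bot: The added text in the "Cipher key" comment of struct rte_crypto_cipher_xform allows the provided key to exceed the advertised supported key size, but the visible struct carries only the key and "uint16_t length" and nothing that marks the key as wrapped, so a driver that checks length against its capabilities cannot tell a wrapped key from a bad length. Consider adding an explicit indication (a flag in the xform or a device capability) and documenting what the driver returns when the device rejects the key, since the comment assigns validation to "the driver/device" without saying which one or how failure is reported. Two wording points in the same comment: "the wrapping details is a secret" should read "are a secret", and "or other" leaves the largest acceptable key length undefined.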
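
The length question raised in this exchange, worked through as an added example (not DPDK code and not part of the patch or of either author's mail): assuming RFC 3394 wrapping, which adds one 64-bit block to the key, and a constructed AES capability of 16 to 32 bytes in steps of 8, it reports which supplied key lengths are consistent with a plain key, a wrapped key, or both. `struct key_range`, `AES_RANGE`, `classify_key_len` and the `KEY_FITS_*` flags are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical mirror of a key-size capability: min/max/increment in bytes. */
struct key_range { uint16_t min, max, increment; };

#define KEY_FITS_PLAIN   0x1u /* length is an advertised plain key size */
#define KEY_FITS_WRAPPED 0x2u /* length is an RFC 3394 wrap of such a key */
#define RFC3394_OVERHEAD 8u   /* wrapped output = input + one 64-bit block */

/* Constructed sample capability: AES-128/192/256 keys. */
static const struct key_range AES_RANGE = { 16, 32, 8 };

static int in_range(const struct key_range *r, uint32_t len)
{
	uint32_t min = r->min, max = r->max, inc = r->increment;

	if (len < min || len > max)
		return 0;
	if (inc == 0) /* a single supported size */
		return len == min;
	return (len - min) % inc == 0;
}

/* Bitmask of the interpretations a supplied key length is consistent with. */
static unsigned int classify_key_len(const struct key_range *r, uint16_t len)
{
	unsigned int fits = 0;

	if (in_range(r, len))
		fits |= KEY_FITS_PLAIN;
	/* RFC 3394 wraps n >= 2 64-bit blocks into n + 1 blocks. */
	if (len >= 24 && len % 8 == 0 &&
	    in_range(r, (uint32_t)len - RFC3394_OVERHEAD))
		fits |= KEY_FITS_WRAPPED;
	return fits;
}

int main(void)
{
	const uint16_t samples[] = { 16, 20, 24, 32, 40, 48 }; /* constructed */

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		unsigned int f = classify_key_len(&AES_RANGE, samples[i]);
		printf("%2u bytes: plain=%u wrapped=%u\n", (unsigned)samples[i],
		       f & KEY_FITS_PLAIN, (f & KEY_FITS_WRAPPED) >> 1);
	}
	return 0;
}
```

Under these assumptions a 24- or 32-byte key fits both readings, so length alone cannot tell a driver whether a key is wrapped; only a 40-byte key is unambiguous.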