From: Akhil Goyal
To: Matan Azrad, "dev@dpdk.org"
CC: "akhil.goyal@nxp.com", Declan Doherty, Somalapuram Amaranath, Ruifeng Wang, Ajit Khaparde, Anoob Joseph, Fan Zhang, John Griffin, Pablo de Lara, Michael Shamis, Nagadheeraj Rottela, Ankur Dwivedi, Gagandeep Singh, Jay Zhou, ArkadiuszX Kusztal, "sashakot@nvidia.com", "oren@nvidia.com", Shiri Kuzin
Date: Mon, 5 Apr 2021 19:11:29 +0000
Subject: Re: [dpdk-dev] [PATCH] cryptodev: formalize key wrap method in API

Hi Matan,

> The Key Wrap approach is used by applications in order to protect keys
> located in untrusted storage or transmitted over untrusted
> communications networks. The constructions are typically built from
> standard primitives such as block ciphers and cryptographic hash
> functions.
>
> The Key Wrap method and its parameters are a secret between the keys
> provider and the device, means that the device is preconfigured for
> this method using very secured way.
>
> The key wrap method may change the key length and layout.
>
> Add a description for the cipher transformation key to allow wrapped key
> to be forwarded by the same API.
>
> Signed-off-by: Matan Azrad
> ---

How will the driver get notified whether the key is wrapped or not?
The driver would expect the keys are as per the capabilities exposed.
If it does not check as per the capabilities, how will it identify a bad
Key len and the wrapped key length?

> lib/librte_cryptodev/rte_crypto_sym.h | 7 +++++++ > 1 file changed, 7 insertions(+) >=20 > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > b/lib/librte_cryptodev/rte_crypto_sym.h > index 5973e31..6aca2c7 100644 
> --- a/lib/librte_cryptodev/rte_crypto_sym.h > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > @@ -200,6 +200,13 @@ struct rte_crypto_cipher_xform { > uint16_t length; /**< key length in bytes */ > } key; > /**< Cipher key > + * The original key data may be provided wrapped (encrypted) using > a key > + * wrap algorithm such as AES key wrap (from rfc3394) or other. In > such > + * case, the wrapping details is a secret between the key provider and > + * the device. Such key wrapping may increase the length of the > provided > + * key beyond the advertised supported key size. Hence it is the > + * responsibility of the driver/device to validate the length of the > + * provided key. > * > * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.data > will > * point to a concatenation of the AES encryption key followed by a > -- > 1.8.3.1
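
Review bot: Nothing in struct rte_crypto_cipher_xform tells the driver that key.data is wrapped, yet the comment added above the RTE_CRYPTO_CIPHER_AES_F8 paragraph allows the provided key to exceed the advertised supported key size and leaves length validation to the driver/device. As written, a driver cannot tell a wrapped key from a plain key with a bad length, and the "key length in bytes" field has no documented meaning or bound for the wrapped case. Suggest stating how wrapping is indicated to the driver (an explicit field or capability rather than an implicit out-of-band agreement) and whether length counts the wrapped or the original key bytes. Minor wording in the same comment: "the wrapping details is a secret" should read "are a secret".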