From: Akhil Goyal
To: Matan Azrad, "dev@dpdk.org"
CC: "akhil.goyal@nxp.com", Declan Doherty, Somalapuram Amaranath, Ruifeng Wang, Ajit Khaparde, Anoob Joseph, Fan Zhang, John Griffin, Pablo de Lara, Michael Shamis, Nagadheeraj Rottela, Ankur Dwivedi, Gagandeep Singh, Jay Zhou, ArkadiuszX Kusztal, Sasha Kotchubievsky, Oren Duer, Shiri Kuzin
Date: Tue, 6 Apr 2021 08:08:05 +0000
Subject: Re: [dpdk-dev] [PATCH] cryptodev: formalize key wrap method in API

> Hi Akhil
>
> From: Akhil Goyal
> > Hi Matan,
> >
> > > The Key Wrap approach is used by applications in order to protect keys
> > > located in untrusted storage or transmitted over untrusted
> > > communications networks. The constructions are typically built from
> > > standard primitives such as block ciphers and cryptographic hash
> > > functions.
> > >
> > > The Key Wrap method and its parameters are a secret between the keys
> > > provider and the device, means that the device is preconfigured for
> > > this method using very secured way.
> > >
> > > The key wrap method may change the key length and layout.
> > >
> > > Add a description for the cipher transformation key to allow wrapped
> > > key to be forwarded by the same API.
> > >
> > > Signed-off-by: Matan Azrad
> > > ---
> >
> > How will the driver get notified whether the key is wrapped or not?
> > The driver would expect the keys are as per the capabilities exposed.
> > If it does not check as per the capabilities, how will it identify a bad Key len and
> > the wrapped key length?
>
> As I wrote, the device is preconfigured to the key wrapping mode in very
> secured way.
> No one knows this secret except the device and the key provider (outside the
> crypto lib and dpdk application).
> The driver may know something but not necessarily.
> If the device validation to the key is failed, the driver will return an error to
> the app.
>

Shouldn't this be a capability/feature flag whether it can be supported by the underlying
Driver or not?
I am not saying that the driver should know the details of the wrapping mode.
But it can be asked, whether it supports this wrapping mode or not?

>
> > > lib/librte_cryptodev/rte_crypto_sym.h | 7 +++++++ > > > 1 file changed, 7 insertions(+) > > > > > > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > > > b/lib/librte_cryptodev/rte_crypto_sym.h > > > index 5973e31..6aca2c7 100644 > > > --- a/lib/librte_cryptodev/rte_crypto_sym.h > > > +++ b/lib/librte_cryptodev/rte_crypto_sym.h
> > > @@ -200,6 +200,13 @@ struct rte_crypto_cipher_xform { > > > uint16_t length; /**< key length in bytes */ > > > } key; > > > /**< Cipher key > > > + * The original key data may be provided wrapped (encrypted) > > > + using > > > a key > > > + * wrap algorithm such as AES key wrap (from rfc3394) or other. > > > + In > > > such > > > + * case, the wrapping details is a secret between the key provi= der and > > > + * the device. Such key wrapping may increase the length of the > > > provided > > > + * key beyond the advertised supported key size. Hence it is th= e > > > + * responsibility of the driver/device to validate the length o= f the > > > + * provided key. > > > * > > > * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.data > > > will > > > * point to a concatenation of the AES encryption key followed > > > by a > > > -- > > > 1.8.3.1
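
Review bot: In the comment added above the existing key description in struct rte_crypto_cipher_xform, the sentence allowing a wrapped key to exceed "the advertised supported key size" leaves key.length without any documented bound and gives the caller no field or flag to say that the key is wrapped, so a wrong-length plain key and a wrapped key look the same at the API. Suggest stating how an application learns that a device accepts wrapped keys (for example a capability or feature flag) and what the driver returns when the device rejects the key. Also, "the wrapping details is" should read "are", and "rfc3394" is normally written "RFC 3394".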
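
An added illustration of the length question raised in this thread, not code from the patch or from DPDK: it applies a min/max/increment key-size check to RFC 3394 wrapped lengths (plain length plus 8 bytes). The struct, function names and the 16/32/8 AES range are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for an advertised key-size range, in bytes. */
struct key_range { uint16_t min, max, increment; };

/* Constructed sample: AES keys of 16, 24 or 32 bytes. */
static const struct key_range aes_range = { 16, 32, 8 };

enum verdict { NOT_WRAPPABLE, REJECTED_BY_RANGE, LOOKS_LIKE_PLAIN_KEY };

/* Returns 0 when len is one of the advertised sizes, -1 otherwise. */
static int range_check(const struct key_range *r, uint16_t len)
{
    if (len < r->min || len > r->max)
        return -1;
    if (r->increment == 0)
        return (len == r->min || len == r->max) ? 0 : -1;
    return ((len - r->min) % r->increment == 0) ? 0 : -1;
}

/* RFC 3394 output = input + one 64-bit integrity block. The input must be
 * at least two 64-bit blocks and a multiple of 8 bytes; 0 means invalid. */
static uint16_t rfc3394_wrapped_len(uint16_t plain_len)
{
    if (plain_len < 16 || plain_len % 8 != 0)
        return 0;
    return (uint16_t)(plain_len + 8);
}

/* What a length-only check against the range sees for a wrapped key. */
static enum verdict check_wrapped(const struct key_range *r, uint16_t plain_len)
{
    uint16_t w = rfc3394_wrapped_len(plain_len);

    if (w == 0)
        return NOT_WRAPPABLE;
    return range_check(r, w) == 0 ? LOOKS_LIKE_PLAIN_KEY : REJECTED_BY_RANGE;
}

int main(void)
{
    static const char *names[] = { "not wrappable", "rejected by range",
                                   "passes as a plain key size" };
    const uint16_t plain[] = { 16, 24, 32 };

    for (unsigned i = 0; i < 3; i++)
        printf("plain %u -> wrapped %u: %s\n", (unsigned)plain[i],
               (unsigned)rfc3394_wrapped_len(plain[i]),
               names[check_wrapped(&aes_range, plain[i])]);
    return 0;
}
```

Under these assumptions a wrapped 16-byte key has the length of a 24-byte plain key, so length alone cannot tell a generic check whether a key is wrapped.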