From: Akhil Goyal
To: Matan Azrad, "dev@dpdk.org"
CC: Declan Doherty, Somalapuram Amaranath, Ruifeng Wang, Ajit Khaparde, Anoob Joseph, Fan Zhang, John Griffin, Pablo de Lara, Michael Shamis, Nagadheeraj Rottela, Ankur Dwivedi, Gagandeep Singh, Jay Zhou, ArkadiuszX Kusztal, "sashakot@nvidia.com", "oren@nvidia.com", Shiri Kuzin
Date: Tue, 13 Apr 2021 09:58:38 +0000
References: <20210411140053.2914307-1-matan@nvidia.com> <20210413063718.3123698-1-matan@nvidia.com>
In-Reply-To: <20210413063718.3123698-1-matan@nvidia.com>
Subject: Re: [dpdk-dev] [EXT] [PATCH v3] cryptodev: formalize key wrap method in API
List-Id: DPDK patches and discussions

> The Key Wrap approach is used by applications in order to protect keys
> located in untrusted storage or transmitted over untrusted
> communications networks. The constructions are typically built from
> standard primitives such as block ciphers and cryptographic hash
> functions.
>
> The Key Wrap method and its parameters are a secret between the keys
> provider and the device, means that the device is preconfigured for
> this method using very secured way.
>
> The key wrap method may change the key length and layout.
>
> Add a description for the cipher transformation key to allow wrapped key
> to be forwarded by the same API.
>
> Add a new feature flag RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY to be enabled
> by PMDs support wrapped key in cipher transformation.
>
> Signed-off-by: Matan Azrad
> ---

Acked-by: Akhil Goyal

I hope crypto mlx5 driver support this feature. Do not forget to add this flag
in that.

>
> V2:
> Address Akhil comment to introduce new feature flag for wrapped keys.
>
> V3:
> Improve descriptions\spelling suggested by Akhil.
>
> doc/guides/cryptodevs/features/default.ini | 1 + > doc/guides/cryptodevs/overview.rst | 3 +++ > doc/guides/rel_notes/release_21_05.rst | 5 +++++ > lib/librte_cryptodev/rte_crypto_sym.h | 8 ++++++++ > lib/librte_cryptodev/rte_cryptodev.c | 2 ++ > lib/librte_cryptodev/rte_cryptodev.h | 2 ++ > 6 files changed, 21 insertions(+) >=20 > diff --git a/doc/guides/cryptodevs/features/default.ini > b/doc/guides/cryptodevs/features/default.ini > index 978bb30cc1..c24814de98 100644 > --- a/doc/guides/cryptodevs/features/default.ini > +++ b/doc/guides/cryptodevs/features/default.ini > @@ -32,6 +32,7 @@ Symmetric sessionless =3D > Non-Byte aligned data =3D > Sym raw data path API =3D > Cipher multiple data units =3D > +Cipher wrapped key =3D >=20 > ; > ; Supported crypto algorithms of a default crypto driver. > diff --git a/doc/guides/cryptodevs/overview.rst > b/doc/guides/cryptodevs/overview.rst > index e24e3e1993..b87c4c6a27 100644 > --- a/doc/guides/cryptodevs/overview.rst > +++ b/doc/guides/cryptodevs/overview.rst > @@ -49,6 +49,9 @@ Supported Feature Flags > - "CIPHER_MULTIPLE_DATA_UNITS" feature flag means PMD support > operations > on multiple data-units message. >=20 > + - "CIPHER_WRAPPED_KEY" feature flag means PMD support wrapped key > in cipher > + xform. > + >=20 > Supported Cipher Algorithms > --------------------------- > diff --git a/doc/guides/rel_notes/release_21_05.rst > b/doc/guides/rel_notes/release_21_05.rst > index 1537fac4bc..24b8b28253 100644 > --- a/doc/guides/rel_notes/release_21_05.rst > +++ b/doc/guides/rel_notes/release_21_05.rst 
> @@ -132,6 +132,11 @@ New Features > data-units for AES-XTS algorithm, the data-unit length should be set i= n the > transformation. A capability for it was added too. >=20 > +* **Added a crypto PMD feature flag to support cipher wrapped keys.** > + > + A new feature flag is added to allow application to provide cipher wra= pped > + keys in session xforms. > + >=20 > Removed Items > ------------- > diff --git a/lib/librte_cryptodev/rte_crypto_sym.h > b/lib/librte_cryptodev/rte_crypto_sym.h > index 5973e31f30..a1fb5b0f5c 100644 > --- a/lib/librte_cryptodev/rte_crypto_sym.h > +++ b/lib/librte_cryptodev/rte_crypto_sym.h > @@ -200,6 +200,14 @@ struct rte_crypto_cipher_xform { > uint16_t length; /**< key length in bytes */ > } key; > /**< Cipher key > + * > + * In case the PMD supports > RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY, the > + * original key data provided may be wrapped(encrypted) using key > wrap > + * algorithm such as AES key wrap (rfc3394) and hence length of the > key > + * may increase beyond the PMD advertised supported key size. > + * PMD shall validate the key length and report EMSGSIZE error while > + * configuring the session and application can skip checking the > + * capability key length in such cases. > * > * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.data > will > * point to a concatenation of the AES encryption key followed by a > diff --git a/lib/librte_cryptodev/rte_cryptodev.c > b/lib/librte_cryptodev/rte_cryptodev.c > index e02e001325..a84cd745f9 100644 > --- a/lib/librte_cryptodev/rte_cryptodev.c > +++ b/lib/librte_cryptodev/rte_cryptodev.c > @@ -619,6 +619,8 @@ rte_cryptodev_get_feature_name(uint64_t flag) > return "NON_BYTE_ALIGNED_DATA"; > case RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS: > return "CIPHER_MULTIPLE_DATA_UNITS"; > + case RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY: > + return "CIPHER_WRAPPED_KEY"; > default: > return NULL; > } 
> diff --git a/lib/librte_cryptodev/rte_cryptodev.h > b/lib/librte_cryptodev/rte_cryptodev.h > index c274e208ed..a823831065 100644 > --- a/lib/librte_cryptodev/rte_cryptodev.h > +++ b/lib/librte_cryptodev/rte_cryptodev.h > @@ -476,6 +476,8 @@ rte_cryptodev_asym_get_xform_enum(enum > rte_crypto_asym_xform_type *xform_enum, > /**< Support accelerator specific symmetric raw data-path APIs */ > #define RTE_CRYPTODEV_FF_CIPHER_MULTIPLE_DATA_UNITS (1ULL << 25) > /**< Support operations on multiple data-units message */ > +#define RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY (1ULL << 26) > +/**< Support wrapped key in cipher xform */ >=20 > /** > * Get the name of a crypto device feature flag > -- > 2.25.1
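
Review bot: In the doc/guides/cryptodevs/overview.rst hunk, the "CIPHER_WRAPPED_KEY" entry only restates the flag name and does not tell an application writer what changes for them; add that the key passed in the cipher xform may then be longer than the advertised key size, as the rte_crypto_sym.h comment in this patch says. "PMD support" should also read "PMD supports".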
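
Review bot: In the lib/librte_cryptodev/rte_crypto_sym.h hunk, the new key comment says the key "may be wrapped" when the PMD sets RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY, but nothing in the visible key struct (data pointer and uint16_t length) tells the PMD whether a given key is wrapped or plain. State whether a device with the flag accepts both forms or only wrapped keys, and that key.length then carries the wrapped length. Because the same sentence lets the application skip the capability key-length check, the PMD becomes the only length validator, so the comment should name the call that fails and the sign of the error (for example -EMSGSIZE from session configuration). "rfc3394" reads better as "RFC 3394".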
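
Review bot: In the lib/librte_cryptodev/rte_cryptodev.h hunk, the comment on RTE_CRYPTODEV_FF_CIPHER_WRAPPED_KEY ("Support wrapped key in cipher xform") omits the consequence documented in rte_crypto_sym.h, that the key length may exceed the advertised key size and the PMD reports EMSGSIZE. A short cross-reference to the key description in struct rte_crypto_cipher_xform would keep the two in step. The flag is a single device-wide bit, so the comment should also say whether it applies to every cipher algorithm the PMD advertises.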