From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 282A0A034F; Tue, 28 Dec 2021 09:58:59 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B594F40040; Tue, 28 Dec 2021 09:58:58 +0100 (CET) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mails.dpdk.org (Postfix) with ESMTP id 450794003C; Tue, 28 Dec 2021 09:58:55 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1640681937; x=1672217937; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=cVKMwTbqenGT6sDXNBA3mR0UcjKhTWLr0TGivw7fU3c=; b=R1rfEGP8yEiqEQWB+IUoSe636+7jNtq/5mcrU6EjkEpUh0RJVJP5abpK KjX0u28H3aanhUwQqE7XKHmJNN9Mqas2gZj5iC2ZhuURWJJsadsTNqzBO 415bjaHKCWFQkkLu1pMMWHKAkQyYez5tPUiR7+sVleaqUw5y/bOdYwtMA pOlMK6dy8qxUpyIfiVTTvfPrYTZaXhDOmeTKg9iOqtbiA5m5hwhfK9l/f vEg+wH8vxf072w2sDV1i/3WenSS7SPYj5HrFcBDCNhOir8W24d94ul5w8 ym1BpGSHnJEBsvKjA6nXACCesAW+p06WEHwdQ9XvdlRPZziVYMbprv+7Y A==; X-IronPort-AV: E=McAfee;i="6200,9189,10210"; a="304695956" X-IronPort-AV: E=Sophos;i="5.88,242,1635231600"; d="scan'208";a="304695956" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Dec 2021 00:58:53 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,242,1635231600"; d="scan'208";a="615589825" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by fmsmga002.fm.intel.com with ESMTP; 28 Dec 2021 00:58:53 -0800 Received: from fmsmsx609.amr.corp.intel.com (10.18.126.89) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Tue, 28 Dec 2021 00:58:52 -0800 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx609.amr.corp.intel.com (10.18.126.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20 via Frontend Transport; Tue, 28 Dec 2021 00:58:51 -0800 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (104.47.51.44) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.20; Tue, 28 Dec 2021 00:58:43 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eHBxIjT3Hx+mJj529dX2fAPZoLAm9JM3UGPOg/rlzAeZ9dtqKmRnUbpfdlB/tyR1zm5qm1BI3S7EshAJ7vxtXRzI8aii1fnS8lrh4Wgvo9l3FdqodRBf271JreAcFx9JPacEhmvy5xoosQlsZibK9xSjeBH5wz9A9WMj51ac6KDVvkVVHqQVYG7S+Ll+0PCh+4vG+FrLjuQwYoEKbCrc05xsAaT4lY5v8eLDEWA1vCqSCgVUEyDJVT8U8fo/2g7L0k3FK1litYPCepSrymk4cwhP/nvyXLqz8IpXlu2SdFgXPC51W27SMn8AvLexuF8vjyfMB7g3RJSt8yfSN7uovw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ZKjzqRnQ0aQcgN+2T2C1uUFS5YdYLFpUFWu5qrp3gtI=; b=T0qjJvHkorQk2dhc6mo2Lgg2FKqQlb6e+DHoa8Mt+JUFDP40YvcWHcQMssAjDjhu3a8IkElYbc3dfMgmsKKPLn7pK1H3wKpRNN1Zn79rdKTYdembrc7rKQqRD4i49OCV2ZUB0nBs53z1jNGSvujF5GDmOT0tkdjKAXygn4cP29TFKLEAJNoMg5K/HTosdaTOXlSktePyzBZzzTHYfRK57trn+Z6v3b4+yokir+dCdWyG/JTGNhVsnRT0KMASQo2L/Mok3MejKcCXzUbnSXOioVgacQBRvMm9vnt1QOGZhcQqAk4tdMgdkuDYZM+I9Wlkl4pPoJznuWTzjZKfjqKhOg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from PH0PR11MB5013.namprd11.prod.outlook.com (2603:10b6:510:30::21) by PH0PR11MB4824.namprd11.prod.outlook.com (2603:10b6:510:38::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4823.18; Tue, 28 Dec 2021 08:58:34 +0000 Received: from PH0PR11MB5013.namprd11.prod.outlook.com ([fe80::119f:7b25:561b:1c72]) by PH0PR11MB5013.namprd11.prod.outlook.com ([fe80::119f:7b25:561b:1c72%6]) with mapi id 15.20.4823.023; Tue, 28 Dec 2021 08:58:34 +0000 From: "Kusztal, ArkadiuszX" To: Ramkumar Balu , Akhil Goyal , Anoob Joseph , "Doherty, Declan" , "Zhang, Roy Fan" , "Ankur Dwivedi" , Tejasree Kondoj CC: "stable@dpdk.org" , "dev@dpdk.org" Subject: RE: [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage Thread-Topic: [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage Thread-Index: AQHX5Q2w0lB3XeISpUig0XSQwlfoA6xHwrYA Date: Tue, 28 Dec 2021 08:58:34 +0000 Message-ID: References: <20211129095159.16376-1-rbalu@marvell.com> In-Reply-To: <20211129095159.16376-1-rbalu@marvell.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.6.200.16 dlp-product: dlpe-windows authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 557f608e-6b43-42f8-92df-08d9c9e03aa7 x-ms-traffictypediagnostic: PH0PR11MB4824:EE_ x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Ium5lEBNgBq7oMgMz2AboYf8spV3zaJqOuWsIG3604RkO2I8j5uB6G71FEBoNUhEKy3hh/vcQV0gr6lG1W4qORHXklsbEc2aCbJ4QuM70PcW4AkevA+0yky/bB7KIvSowZ/ydU0ZkKhL23tiLWlK/ipQ4InaDNEm78DGYkgqXVyOJu9cegJaYvoDQJYyxnwSHPfjWSob1AsjyWOmanvEP8LKDHbj06DgCkfjRZv4q6S7VVNFe5NkTaVDwR4OIYZSEb7T84LPNpLDBd8r/idIDM22JoBUcWIiXXPqwiCq6SBa1Ro2MSlRBYlz5K2k8fwv6rW2fHKmLPtvds/MrRbho2AoFmgYU3u/JDdRQ6FRsGL+pBI6cp8ZXlu0rRSEo1AA6Fo0lCxA4NeI1h6SXN8+hBtJhP5DptiW3TyeTpiSghtoh8sZZVRGzDNF0SuYrtzXCVEXV4Je9uf0Le2wHPUt+q6Aa232Bjb1L4SqZB7wYPFTwcu4JT6/9kwrZ8vFVr40Cl5pCmWU92V1Gh2KaiP7pXrje6wIQb2I0G+IB0WreLR+P1ykcp1fLspiXe+LclgtBwNPMK9IRFXlPJ8XwD8gCCTH1sV7DDaAepcCqRoIkTArksXTM4s0OP6XoBhuVggVwlMcwTTaMxYR0ArpjUfTitV7Ebx0cd2xq+bvoTf6mzh94pxJPdXTULSPdzG64loYYHgLwdTrYIo9nXJ22kyfSw== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB5013.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(71200400001)(55016003)(54906003)(8936002)(186003)(26005)(7696005)(8676002)(52536014)(122000001)(66446008)(4326008)(6506007)(66946007)(83380400001)(53546011)(86362001)(5660300002)(508600001)(64756008)(76116006)(66556008)(2906002)(38100700002)(110136005)(316002)(82960400001)(38070700005)(9686003)(66476007)(33656002); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?NGsQBwWw5IiPl4mBuX1pBlFXFZ6zpBzRT417DqxsmcOFkd2T+rmr95OXAXkV?= =?us-ascii?Q?3S6O0WcZ2IFa8KxRIDYRw8GJUaZ7njQecmeY62rhtmruhAufQutDkZ9RPnk9?= =?us-ascii?Q?BMQELBGwmh2+KVKiRAuY3PnaBgZVlrySQhxGKq+WjyBtd8nwn6osKe/KqY63?= =?us-ascii?Q?ntD0eUB4uRyBoXVr/PE3SHwaDucOJ8ZG0/06J7kooGoGB8iAm3BW54R7SKMq?= =?us-ascii?Q?4+6f7VESrmoWEWJlvFxxoibFTHce6NSJJFFrX25O4E5RmHf8Ho3mVQk1M+yg?= =?us-ascii?Q?0wztwYXFOQ1RBZVx5u9GsxQrtGYwC9+1oa2WwJzD77v2ESWsnGpFwzvHI/2v?= =?us-ascii?Q?qQ/XeFPsevvrtoz6FmLS7aQITnzgDPvchfcFTIBw/o9jTGu/kRDknLVGee0p?= =?us-ascii?Q?GmzOHdq4vATeZMLaqtYh+85VQZWOrzVerR3rnJJNYOgdwK26Ajaq0aeovjWG?= =?us-ascii?Q?+Vg/jLYkCy7tHl03ItAU68QQMrp1xArkgsw97MBeeYigrtXh1L14st0fp/d3?= =?us-ascii?Q?0G5SG7o0Ga8F09D6JGIliN6SJ3+TWyBecvfsl7WZB19wL9/DiL1xXkv/fqM8?= =?us-ascii?Q?s3aoW6Rzx0XIOq6BL90v9auJT8iSACLKGksyhEW37ondwqqGwAm6RYM+iCFC?= =?us-ascii?Q?M3ewmKjHh2ciFQplSnhfMdyV4m4A7yenxa3HRI4r2fKnB3ps9lYdy3GRIasl?= =?us-ascii?Q?cq81zMV5er24Pl18rueS7TuYLLD/OZco7IUW+ORVQD/dN3xbMtE/bV7BVy8z?= =?us-ascii?Q?LictQyWN8AgqbqpeM1OLuTEqmwwqHFsta1LH65LyHPih9uNnGoLa57ycjwH5?= =?us-ascii?Q?N2qv+bg4JBpBIpw2rRGSOhcIclC9aw9DccUyL/zkCBuWfzsIpB7jPP9h80Uo?= =?us-ascii?Q?3lW5+oLrZEurc1weiJ0lEDdw94a4JfwE+lBr6eLAWpSjwtu8L1PeHcDWlhlq?= =?us-ascii?Q?gv9twet3qIdthMu9nmlxL5xSr1u7XlDICx+kd6KRrlR5ojKyLBxPbbjWrh9R?= =?us-ascii?Q?nwjKebuhG3EQR7CnT72qpdw4KieEuwcRGJLA6FIjEdURkWIekR8jBzxXBE8G?= =?us-ascii?Q?V2cUd6RuqEsvB3vN/2xkDOg1EWIrd5dpMtXFdKTfQPceN8s/p86XPjewxmxB?= =?us-ascii?Q?Ccbgy2Y+jyvp0kDvv2xwDKai7eglDfa6d65Fx+bi3a2KGFCQrbWAWpdA68dK?= =?us-ascii?Q?UvVeL7e7Cgm+/9hTHO56YwjAgxavMr1C9hT+/n5Zt8Ga+oDOQWIellFdjEcS?= =?us-ascii?Q?/ULFJtY1K03yDKYycqvzdB7vKucrQBsuPIGTbJHYkXIAFe8pyMqSpMe21g76?= =?us-ascii?Q?kmNaF+KwnJ+gsPfJp6OZCJtLDvQ0K9rJyHd+jxC59cgb8YMVWapXb7sflvsn?= =?us-ascii?Q?ozgF+dl6ECwATrScX3Fi2u+zyRNRdHvUg+lKy8E4aurYqVnvkjEVBiugOQEE?= =?us-ascii?Q?vEN6j6TYvvaA5TLxYTq1wxNiGimib9CuLIzrOCv9jQkI+Y2LnhspRLbhK7qD?= =?us-ascii?Q?AdE2PUoOig1igYImM+4IyM87XiFF4zsQEj7nyzMkTTlb9PLWgUVbL3UcbPg4?= =?us-ascii?Q?nWYPg98tHirNtJneAwjjy4wn+jX6YW9rU2HMl6y/A5rUM2ff/sVC1yE3wA69?= =?us-ascii?Q?Q8pTgm+WJSKUM6bra5vOIoiEI5mckfqvfCva6flh6+Yoc/GM1s2sJ2PqiM3C?= =?us-ascii?Q?GBZmow=3D=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5013.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 557f608e-6b43-42f8-92df-08d9c9e03aa7 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Dec 2021 08:58:34.2667 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: wkKKAhKUDoS+vxpbS6AB4z+YBK5BW0oyYVSoD/NldllkKtUONLq8mRrdpaLKQUwTPZpRq0XJ5ATwyDnckJjxUNU4Vm8NMUBQRJuSa34NhDo= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4824 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Hi Ramkumar, > -----Original Message----- > From: Ramkumar Balu > Sent: Monday, November 29, 2021 10:52 AM > To: Akhil Goyal ; Anoob Joseph ; > Doherty, Declan ; Zhang, Roy Fan > ; Ankur Dwivedi ; Tejasree > Kondoj > Cc: stable@dpdk.org; dev@dpdk.org; Ramkumar > Subject: [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage >=20 > From: Ramkumar >=20 > The RSA verify operation is performed in two stages: 1. decrypt using pub= lic key > (output: plaintext message) 2. Compare resultant plaintext message with t= he > expected plaintext message to verify. (return succ/fail in status field) = Some > applications need the decrypted plaintext (stage 1 result) also to be ret= unred. [Arek] - It should only be the case when NO_PADDING selected (that's why QA= T returns decrypted data, and only because of that), but I would propose to= change it that NO_PADDING signature is not possible -> change it to NO_PAD= DING Private/Public operations (we cannot verify it in PMD anyway as we do = not know padding type). > For reference, OpenSSL also provides similar API (RSA_public_decrypt). [Arek] - this function is not only deprecated but incorrect. It should not = be used for signatures when padding selected. Normally functions that handl= e padding will only return verification status only, not data. >=20 > lib cryptodev API failed to specify a field in 'struct rte_crypto_rsa_op_= param' to > return the plaintext result after public key decryption. It created incon= sistency > among crypto PMDs in returning plaintext during RSA verify. >=20 > Inconsistency in RSA verify, > crypto/octeontx - uses 'sign' field to return plaintext crypto/cnxk - use= s 'sign' > field to return plaintext crypto/openssl - does not return plaintext cryp= to/qat - > uses 'cipher' field to return plaintext test/cryptodev_asym - expects PMD= s to use > 'cipher' field >=20 > Thus, this patch series fixes all usages to only use 'cipher' field for a= bove > described scenario. The 'sign' and 'message' fields are not chosen as th= ey are > used for different purpose under same operation. >=20 > rte_crypto_rsa_op_param struct fields to use for > RTE_CRYPTO_ASYM_OP_VERIFY: > 1. input: rsa.sign - signature to be decrypted or verified 2. input: rsa.= message - > expected plaintext, used to compare 3. output: rsa.cipher - resultant pla= intext > from decryption >=20 >=20 > Ramkumar (5): > cryptodev: fix RSA op cipher field description > crypto/openssl: fix output of RSA verify op > crypto/octeontx: fix output field for RSA verify > crypto/octeontx2: fix output field for RSA verify > crypto/cnxk: fix output field for RSA verify >=20 > drivers/crypto/cnxk/cnxk_ae.h | 15 +++++++++------ > drivers/crypto/octeontx/otx_cryptodev_ops.c | 10 ++++++---- > drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 16 +++++++++------- > drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++----- > lib/cryptodev/rte_crypto_asym.h | 7 ++++--- > 5 files changed, 39 insertions(+), 25 deletions(-) >=20 > -- > 2.17.1