From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D1DBAA0544 for ; Tue, 7 Jun 2022 06:33:23 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5397A40689; Tue, 7 Jun 2022 06:33:23 +0200 (CEST) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by mails.dpdk.org (Postfix) with ESMTP id 7609F4021D for ; Tue, 7 Jun 2022 06:33:21 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1654576401; x=1686112401; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=ozA46SZMce2gPZXLK0i76omQbDruMcTgl/Iozc0mu7s=; b=YVb5t19hoQVx4ehfLS+dp894yuwG/QUrxZrCgKg7yLq4nulfY7R6mNsR SpHRafZLw9nedyRQW62/rxp9w5Ndv4Zgm5NYEVGA6JRoMjnRwHdoiwkLL xqSdYStuh0SH1eDgpLv9xoblwbDDZOjQwsSHGTQPH7kokQz7yNFEFoWIb n4lyxfNQ0j9QKFSnzfzIDct8CoH5O0DdYCZ8Lb/NAsnug3AxrRR0irgLn cr09V4e9JsSkM1jmElKIInFPcpxm5s1g8tmnXZQMhQ5ES6T0sMHI2HZKL QHyo2z0EY3jjV6e2nuQI/yF/POfO8pSEf7QvNcEHVwah2DYuu8WQWPAc6 A==; X-IronPort-AV: E=McAfee;i="6400,9594,10370"; a="256543223" X-IronPort-AV: E=Sophos;i="5.91,282,1647327600"; d="scan'208,217";a="256543223" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Jun 2022 21:33:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,282,1647327600"; d="scan'208,217";a="609041761" Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by orsmga008.jf.intel.com with ESMTP; 06 Jun 2022 21:33:19 -0700 Received: from fmsmsx607.amr.corp.intel.com (10.18.126.87) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Mon, 6 Jun 2022 21:33:18 -0700 Received: from fmsmsx607.amr.corp.intel.com (10.18.126.87) by fmsmsx607.amr.corp.intel.com (10.18.126.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Mon, 6 Jun 2022 21:33:18 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx607.amr.corp.intel.com (10.18.126.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27 via Frontend Transport; Mon, 6 Jun 2022 21:33:18 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.176) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.27; Mon, 6 Jun 2022 21:33:15 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NrvJ6tY1b75a+7/tEkmEVx13tM/9LbFlcGX+RjImVYv5onwqYeGaYl/82XwsatCcRHHBd2Ewlw9KUODQKjDVz3KNe++vJM9hOrhNkGwbgtEZDoq3C/1Hf9W6io8vjISX34OZFYirni/fYU51f7+QQ99RlFk1mT3/Jbmc9EnfAOSMKaksbtKAvaANnZL4/+9emJkcLDWBplbV73zquHKSxL1lYcQYveFYaTiSlHLf8Pb0pEhp1Cf3jhbpGm/Ocap29bx/2gNjJ8ssVlLe4Sw0f/I5Z2BPJ6F1aG4HK3T++dZVQgWypIlx7rOqgEjAglvl4/MmO/4s5tzvchvfkb3SCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gF8xeafthVZrDoh+Y6ql+T+0PKVCUaGpKl8IyyBROKE=; b=J0oKzb/RxGo/HFln6ERKopbEEm3aty+IDiIN85yn457RCITvJkLWCfc4o7ZEfSt5KL8PYPEi8QFA5Fv3fhHde3pDWjMxqrpotTIPl5CC0cgxsHkGoQ6/F4qOxxfV33cvfCajnuimbgknRHVz8EgwH0HXhzFaRNNuihv3Tt2HrEGQm4HicpbnNnlQPd0UiUJLdZeUhAVVLDsIpd98BH1/aJkriJgvONTUw1PU/D4Jep4fV/u7gMRORaFSth4u+6/Yf4q8Noeb4pUY4NJBEnKmzc8ml6Yv7ATc579f1gQxFyCPu7gtnnZTwOYwzrCfCMIWCwSOV0Iz+CGOOAxPvLKLpw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from PH0PR11MB5013.namprd11.prod.outlook.com (2603:10b6:510:30::21) by PH0PR11MB4822.namprd11.prod.outlook.com (2603:10b6:510:39::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5314.13; Tue, 7 Jun 2022 04:33:13 +0000 Received: from PH0PR11MB5013.namprd11.prod.outlook.com ([fe80::c1de:722f:b4f3:91b5]) by PH0PR11MB5013.namprd11.prod.outlook.com ([fe80::c1de:722f:b4f3:91b5%3]) with mapi id 15.20.5314.019; Tue, 7 Jun 2022 04:33:13 +0000 From: "Kusztal, ArkadiuszX" To: Balakrishnan K , "users@dpdk.org" Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption Thread-Topic: how to use crypto openssl PMD for asymmetric encryption and decryption Thread-Index: Adhul7L76HpVKxCxQgm6OmL7h9++VgACBMowACMLKYAACHjIQAAGYdCQAC24WYAAASZVAAD+ROEAAACJjOAAJcHfkAABxnawATjS3wAAIXckoA== Date: Tue, 7 Jun 2022 04:33:13 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_ActionId=1e9b2051-9f45-4073-b7f5-e6b509538b52; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_ContentBits=0; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_Enabled=true; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_Method=Privileged; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_Name=General-Test; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_SetDate=2022-05-23T11:32:59Z; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_SiteId=20210462-2c5e-4ec8-b3e2-0be950f292ca; dlp-reaction: no-action dlp-version: 11.6.500.17 dlp-product: dlpe-windows authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 83fc029a-3455-4a31-153d-08da483ed581 x-ms-traffictypediagnostic: PH0PR11MB4822:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: BoBiI4DPRkn+XHtn0zceUSe0cVdD8BUb/8TmbxQuzy4d0tG3giXqUB95hXzuC3lag4PbmKs45Pc7SfNJ0djGn+g65oXJ59j/zwlo5PLEyYxZMSaQIUB/4s1zeiMxKuWurVUnHD8hFYlVd44WF/eLU6GCMbvtlWQn/i0Ttb/VM4cOTU4Mf1r+sWYiaKv5uoBQzOSfF3zsL4/yWTuymu/y6DqOLQR7dePRu1136VTlix6gZdclOLUwzQzXa1ECzSeowrjnszjGkqGwVANp/7vLE0iVmaxjA+y2dcYj/aV73GH2AfbOet+szWw4zIFZNA67opHRkX/zD9xfYD2NagmwqWibqihCQ87i+RoPHiS5MXXbLEVd4+KdB+2K3doPh3BFoLqmN7LN7VkdawRkyFhNJHDMpMDf+PsYvi58Cpo866e/Opz/LLViS148ytiwYoyhT6jLsLK4txzV1P7n8nJzDBiveN94f5XowOT8oJFuqFWi+OV8cNiKbZkJFvNORENiKMJwSQGiWkck/mpQvKpJAC10Hy4kX9zcMF4EjlpeWEEBOXPbuaL7TBEVIDpSc//BUyHKVptqXk+yiCAayLwSEkbbQkFhtnvxzKoDIgXYwEjdMRQmzi3dE4NGEw1gbJvWeBPJqr6DRvV8fg+SeDSwdZQHVCzHQh93m5oVCv/L3GXiVlZEayEDEsHIUI2RHxNLEsFIEJYCtR/n1Bh/cCjbm+YjM3RVBYRA0VsZihNrYlVYpPM2UUnVyWPBhAmlEPk1A5NC45HA8KC7R+yy3wSMq33OvT8T0in3Ua34YDh0cAg6+cltqpjdEMIFD+HQXe5/bmZ9kgzwKIzj5fMIX7xmaQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB5013.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(84040400005)(82960400001)(38100700002)(66446008)(66476007)(122000001)(508600001)(8676002)(316002)(76116006)(186003)(64756008)(66946007)(66556008)(71200400001)(55016003)(86362001)(38070700005)(966005)(33656002)(52536014)(83380400001)(30864003)(166002)(9686003)(53546011)(8936002)(26005)(5660300002)(110136005)(2906002)(7696005)(6506007); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?gXemRLDr96QuT5LxwFOWGtUxzI/i6bjv3/+yICpmz+QjZjm2QtnB41ji/sQ1?= =?us-ascii?Q?1fX741EGoZfSzdOK0aILpYTJ3XnIx6PPxiI7BHU2yBiXJdT6ciGpZNdmc73c?= =?us-ascii?Q?zk8sjZM9BhWE8RWprHN3fTFdajpIDAWk5JV+WRRBzSDjHxpsmpkqNUbhI1P7?= =?us-ascii?Q?Ri9RBcZSlQ3ruZKnQxzN0NK95bMUhw0Kqaz5J4vfsRalE6QmWfV8Enu/qG9B?= =?us-ascii?Q?JShsY9xutm1D1yCG/k1KEsB+Rvv9lrgpcZYRlpKOR6zKOy7BnPIkdYdB6RmA?= =?us-ascii?Q?hRdPy5O3mUxX9UENgOxmb0XSjgRc5hPDI1xebvLg9ygKjiPcUbWEetFNRcoB?= =?us-ascii?Q?O5moSaQSjW+AKt07ZIJaoMhN+jM4H392cDFoRerdoYTN8R/94tCO+X5Fp1+6?= =?us-ascii?Q?SHhdE1uNvI8cetZ2hUpGj4lw5K1IJYt3oin4kP1T/mGaIJ1DKDEZk8g9wn0Q?= =?us-ascii?Q?U5D4MBmN00XeYsK6lc5WponOiKurAA0ctxf6KAqs5sw7CnlRvPxeUvxqq908?= =?us-ascii?Q?FgxIpCegyerk2874w6DekX4ejyRX1O2+4EBuG0/IMz7cWdFClVEnS846Nf4S?= =?us-ascii?Q?iiLemNLU1DSjPL1SmvCWNa+ONKi5dn3KpAYxZIeinFCejukDXiPuAnCZLusD?= =?us-ascii?Q?Cvvy6/+pg+F4+FClZecWIyjYVwhcZVJ95KL02uM+BCp2c66HdvXAo1pyACOM?= =?us-ascii?Q?tdYErBQrdeeLk0yYNBMGPA12taa1gKcLS3+0rQBnAOXd3ib3ePn0EDNHnxeY?= =?us-ascii?Q?ElD2rV3J5pKW9c92nVPFZs9mqEvcxvdpCPU34JUrr/cRfHYH794+WiP0JVJW?= =?us-ascii?Q?a7TtxLt2fhU2LO4mxWU/D2pavIEF9glXCY2eKc02nzUTFR/QQ22/GZvK5LfO?= =?us-ascii?Q?wbb3KIQuh3KGHyDW1sZ1YpKbYtRv6eT+M9RQUqPAGLvNFNHtFHE4dUXaJljs?= =?us-ascii?Q?UcgLyrYKcUw28sB07lw+MR5sI78P6Vh+JPA08elruxuVo47X2yYeSTi9lBxj?= =?us-ascii?Q?FEQMIMfdGYu/iwgodnVw2IkIvjS5hOhqG0gWgd/BJ7NQyqKBXE0Eecwavcnq?= =?us-ascii?Q?DsleBU5nX2X9GMfn0jezbsB9vuxgBSwoypHUeUixyuOc6lJkkH5DcAa9A6PD?= =?us-ascii?Q?9Si9YbjKdEzfkzeEm4mFX6JG8XPl1R+fBJ4mCLvKaRTsmVhAI4Z2ppRs8BCH?= =?us-ascii?Q?tJoH+idvR/wtS1h1nZrpnLVj224hdPdfCTjClL71NBFXire1Zlrc9CZxS+/R?= =?us-ascii?Q?h9koUC5VBgAxuIE6o0fM6knkfb6JOGFPCMzDJHWMYhBsUAUlmwhtshvPuJFZ?= =?us-ascii?Q?qPJpMn/1WmOduh1EJXotAciD3wCV6DLg/JoZjSYgTiB345D1ErAf7+bUYLsQ?= =?us-ascii?Q?8xQ/lusvkCSt/AItU30/7CxDLWcwUZRMiqCJTF3i0vtTWKVIGUZRKuK6nnIL?= =?us-ascii?Q?zl+A/Z5y74m/r99cswzl339hFnLnTYrcU8/yauLoZkbUai3WFJzWjOGmSuJh?= =?us-ascii?Q?Snh4rcJG66VJmEUueVdDosON6FeAwpUh0bnsyYPB4USu4N+4IO4g5HGhKHCX?= =?us-ascii?Q?YhhnKbaxe0p+AV0wLQqS/lixfAMfqu3l5ZePt/6lD96kTsG6D7t063nRIdXG?= =?us-ascii?Q?GkIJky2+So0KFGHiXQeNOK9UJsJupYCSpwC7QPw49XvruQ680/rv4VIkNzdk?= =?us-ascii?Q?yfXyNeIWLJBIqgzJkLN2+3ZgKaEbLXpVAN90GY6KioNX8caUqoT8wCnrnYX6?= =?us-ascii?Q?3+mwdWaJ9nR+557b5Iax+rtiY7xU6Rw=3D?= Content-Type: multipart/alternative; boundary="_000_PH0PR11MB50138E211891004BCB9E9F6D9FA59PH0PR11MB5013namp_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5013.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 83fc029a-3455-4a31-153d-08da483ed581 X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Jun 2022 04:33:13.3369 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: XFyru7ZVyxgxsVUyo/WITLQc+zsjvlffiy2gBf9xbpNg/ll1KpLezzue+5hlzfunFzrCc9F7ikfRgdPgBdz6bQ4pc6vD1MOZJ8gDinNZXDA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4822 X-OriginatorOrg: intel.com X-BeenThere: users@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK usage discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: users-bounces@dpdk.org --_000_PH0PR11MB50138E211891004BCB9E9F6D9FA59PH0PR11MB5013namp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Please consult, "length" information in rte_crypto_sym_op structure https:/= /doc.dpdk.org/api/structrte__crypto__sym__op.html#aebb70c2aab3407a9f05334c4= 7131a43b. AES-CBC (or any CBC) is a block cipher -> source length should be multiple = of the block size. Since DPDK does not append padding, it is user responsib= ility to make input data multiple of underlying block size. From: Balakrishnan K Sent: Monday, June 6, 2022 2:32 PM To: Kusztal, ArkadiuszX ; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arik, I have referred the symmetric cryptodev test cases and wrote the sample. I can encrypt the text as given in the example. While trying to change the offset and the length the crypto operation faili= ng with below errors. process_openssl_cipher_encrypt() line 946: Process openssl cipher encrypt f= ailed USER1: Error sending packet for encryption Example: I tried the offset value as 8 and length as 512 encryption failed. Tried offset value as 8 and length as 496 (512-8) encryption working fine. Dose it mean if we change the offset to multiples of 8 same offset value ne= eds to be subtracted from the length (512-8 =3D 496) In my case trying to encrypt the tcp payload the starting offset value is 4= 2 and length of the payload is 82. So, I have set the below value. sym_op->cipher.data.offset =3D 42; (starting point of the data to = be sent for crypto process) sym_op->cipher.data.length =3D 82; (length of the data) encryption process not working. Using cipher_xform.cipher.algo =3D RTE_CRYPTO_CIPHER_AES_CBC; cipher_xform.cipher.op =3D RTE_CRYPTO_CIPHER_OP_ENCRYPT; can you help on this how set the proper offset and the length value. Regards, Bala From: Kusztal, ArkadiuszX > Sent: 31 May 2022 13:00 To: Balakrishnan K >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Bala, It is similar situation, it is the user who needs to decide where to start = encryption process. Please consult: https://doc.dpdk.org/api/structrte__crypto__sym__op.html https://doc.dpdk.org/guides/prog_guide/cryptodev_lib.html Please look into 'offset' and 'length' fields. P.S. "encrypting the entire packets" -> it is usually not good idea to encr= ypt entire packets -> packets need to know where to travel, though authenti= cation usually is done over the entire packet. P.S. (2) Using asymmetric cryptography for network packet payload encryptio= n is not usually good idea either, not to mention natural performance penal= ty and few additional security issues, size of the encrypted data is usuall= y limited to the size =3D (key size - [additional options | paddings | etc]= ) Regards, Arek From: Balakrishnan K > Sent: Tuesday, May 31, 2022 8:14 AM To: Kusztal, ArkadiuszX >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, How about symmetric Cryptodev encryption . In l2fwd_cryptodev example I could see the packets from Rx queue is fetched= and passed to encryption. Is symmetric encryption , encrypting the entire packets or payload section? Regards, Bala From: Kusztal, ArkadiuszX > Sent: 30 May 2022 17:52 To: Balakrishnan K >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption For the Asym Cryptodev data to be encrypted it totally opaque -> it does no= t hold any information about data provided by the user, except for the algo= rithm parameters of course. So for example for the RSA, data that "asym_op-= >rsa.message.data" points to, will be encrypted up to the size of "asym_op-= >rsa.message.length" (provided size is in scope of possible encryption size= s) regardless if it is TLS or IKE or anything else. From: Balakrishnan K > Sent: Monday, May 30, 2022 1:59 PM To: Kusztal, ArkadiuszX >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, Thanks for your inputs. I wrote the sample application to encrypt the text from a file also decrypt= ing the same. Now next step is to encrypt the incoming packets. I have one basic doubt. During rte_cryptodev_enqueue_burst call with operat= ion type as RTE_CRYPTO_ASYM_OP_ENCRYPT. For the incoming packet. what is being encrypted ,Is it entire packet or the payload(data section) ? Regards, Bala From: Kusztal, ArkadiuszX > Sent: 25 May 2022 16:13 To: Balakrishnan K >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Bala, To fill the below struct do I need to extract Publickey exponent , Private = key exponent etc. [Arek] - yes, you need to convert keys into big-endian unsigned integer. In the file "test_cryptodev_rsa_test_vectors.h" there are few examples. Regards, Arek From: Balakrishnan K > Sent: Wednesday, May 25, 2022 12:08 PM To: Kusztal, ArkadiuszX >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, I have public and private key with me which can be used for encryption/= decryption. To fill the below struct do I need to extract Publickey exponent , Private = key exponent etc. The reason why I am asking is, in openssl for encryption we will use key di= rectly with the exposed API. Example : RSA_private_encrypt(strlen(msg), (unsigned char *)msg, encrypted, rsa, RSA_= PKCS1_PADDING); Here in dpdk the rsa struct looks different . Thanks in advance. struct rte_crypto_rsa_xform { rte_crypto_param n; /**< n - Modulus * Modulus data of RSA operation in Octet-string network * byte order format. */ rte_crypto_param e; /**< e - Public key exponent * Public key exponent used for RSA public key operations in Octet- * string network byte order format. */ enum rte_crypto_rsa_priv_key_type key_type; __extension__ union { rte_crypto_param d; /**< d - Private key exponent * Private key exponent used for RSA * private key operations in * Octet-string network byte order format. */ struct rte_crypto_rsa_priv_key_qt qt; /**< qt - Private key in quintuple format */ }; }; Regards, Bala From: Balakrishnan K Sent: 24 May 2022 17:42 To: Kusztal, ArkadiuszX >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, Thanks for the detailed explanation. Regards, Bala From: Kusztal, ArkadiuszX > Sent: 24 May 2022 14:44 To: Balakrishnan K >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption I should use debug_hexdump(stdout, "encrypted message", asym_op->rsa.cipher.data, asym_op->rsa.cipher.length); to check the encrypted message for the input given? Yes, currently it works this way. The same way output for decryption will b= e placed in asym_op->rsa.message.data and input in asym_op->rsa.cipher.data= . More explanations can be found in rte_crypto_asym.h file https://doc.dpdk.org/api/structrte__crypto__rsa__op__param.html. From: Balakrishnan K > Sent: Tuesday, May 24, 2022 7:24 AM To: Kusztal, ArkadiuszX >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, Thanks for quick response. I am using resulted output vector to verify the encrypted message. I thought the encrypted data will be in the asym_op->rsa.message.data after= rte_cryptodev_enqueue_burst and rte_cryptodev_enqueue_burst call with oper= ation type RTE_CRYPTO_ASYM_OP_ENCRYPT. So ,I checked the hex_dump of asym_op->rsa.message.data. Code snippet: asym_op =3D result_op->asym; debug_hexdump(stdout, "encrypted message", asym_op->rsa.message.data, asym_op->rsa.message.length); Encrypted data will be placed in asym_op->rsa.cipher.data after crypto oper= ation is my understanding is correct ? I should use debug_hexdump(stdout, "encrypted message", asym_op->rsa.cipher.data, asym_op->rsa.cipher.length); to check the encrypted message for the input given? Regards, Bala From: Kusztal, ArkadiuszX > Sent: 23 May 2022 18:15 To: Balakrishnan K >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption CAUTION: This email originated from outside of the organization. Do not cli= ck links or open attachments unless you recognize the sender and know the c= ontent is safe. Hi Bala, Ciphertext will be written into asym_op->rsa.cipher.data (not message.data)= by the PMD, here you are using same address for both hex dumps. Although there is a bug in debug_hexdump in this function which may cause t= his confusion. Plus, the test you are referring is PWCT test (Pairwise conditional test) -= > it will encrypt, then decrypt. Please take a look into this comment in queue_ops_rsa_enc_dec function: /* Use the resulted output as decryption Input vector* So above this line there is an encryption part. Below is decryption. Regards, Arek From: Balakrishnan K > Sent: Monday, May 23, 2022 1:33 PM To: users@dpdk.org Subject: how to use crypto openssl PMD for asymmetric encryption and decryp= tion Hi All, I am new to dpdk. Planning to use openssl crypto PMD for encrypting/decr= ypting the packets. Couldn't find much documents on openssl PMD for asymmetric encryption/decry= ption. Any one please point me in the right document. I have tried to run the test cases wrote for asymmetric crypto using openss= l virtual PMD. But the output of particular test case is same after the encryption done. File : app/test/test_cryptodev_asym.c Test executable: ./app/test/dpdk-test Test case : test_rsa_enc_dec Input given to encryption: message at [0x1894e60], len=3D20 00000000: F8 BA 1A 55 D0 2F 85 AE 96 7B B6 2F B6 CD A8 EB | ...U./...{./...= . 00000010: 7E 78 A0 50 | ~x.P After processing the output also looks like same : encrypted message exist at [0x1894e60], len=3D20 00000000: F8 BA 1A 55 D0 2F 85 AE 96 7B B6 2F B6 CD A8 EB | ...U./...{./...= . 00000010: 7E 78 A0 50 Regards, Bala --_000_PH0PR11MB50138E211891004BCB9E9F6D9FA59PH0PR11MB5013namp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Please consult, “length” information in = rte_crypto_sym_op structure https://doc.dpdk.org/api/structrte__crypto__sym__op.html#aebb70c2aab3407a9f= 05334c47131a43b.

 

AES-CBC (or any CBC) is a block cipher -> source = length should be multiple of the block size. Since DPDK does not append pad= ding, it is user responsibility to make input data multiple of underlying b= lock size.

 

 

From: Balakrishnan K <Balakrishnan.K1@tata= communications.com>
Sent: Monday, June 6, 2022 2:32 PM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@= dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arik,

  I have referred the symm= etric cryptodev test cases and wrote the sample.

I can encrypt the text as given= in the example.

While trying to change the offs= et and the length the crypto operation failing with below errors.

 

process_openssl_cipher_encrypt(= ) line 946: Process openssl cipher encrypt failed

USER1: Error sending packet for= encryption

 

Example:

  I tried the offset value= as 8 and length as 512 encryption failed.

Tried offset value as 8 and len= gth as 496 (512-8) encryption working fine.

Dose it mean if we change the o= ffset to multiples of 8 same offset value needs to be subtracted from the l= ength (512-8 =3D 496)

 

In my case trying to encrypt th= e tcp payload the starting offset value is 42 and length of the payload is = 82.

 

So, I have set the below value.=

 

     &= nbsp;  sym_op->cipher.data.offset =3D 42;  (starting point of = the data to be sent for crypto process)

     &= nbsp;  sym_op->cipher.data.length =3D 82; (length of the data)=

 

encryption process not working.=

Using     &= nbsp;   cipher_xform.cipher.algo =3D RTE_CRYPTO_CIPHER_AES_C= BC;

     &= nbsp;  cipher_xform.cipher.op =3D RTE_CRYPTO_CIPHER_OP_ENCRYPT;

 

can you help on this how set th= e proper offset and the length value.

 

Regards,

Bala

 

 

 

From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
Sent: 31 May 2022 13:00
To: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Bala,

 

It is similar situation, it is the user who needs to= decide where to start encryption process.

Please consult:

https://doc.dpdk.org/ap= i/structrte__crypto__sym__op.html

https://doc.dpdk.org= /guides/prog_guide/cryptodev_lib.html

Please look into ‘offset’ and ‘len= gth’ fields.

 

P.S. “encrypting the enti= re packets” -> it is usually not good idea to encrypt entire packe= ts -> packets need to know where to travel, though authentication usuall= y is done over the entire packet.

P.S. (2) Using asymmetric crypt= ography for network packet payload encryption is not usually good idea eith= er, not to mention natural performance penalty and few additional security = issues, size of the encrypted data is usually limited to the size =3D (key size – [additional options | pa= ddings | etc])

 

Regards,

Arek

 

From: Balakrishnan K <Balakrishnan.K1@tatacommunications.co= m>
Sent: Tuesday, May 31, 2022 8:14 AM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

   How about symmetri= c Cryptodev encryption .

In l2fwd_cryptodev example I co= uld see the packets from Rx queue is fetched and passed to encryption.=

Is symmetric encryption , encry= pting the entire packets or payload section?

 

Regards,

Bala

 

From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
Sent: 30 May 2022 17:52
To: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

For the Asym Cryptodev data to be encrypted it total= ly opaque -> it does not hold any information about data provided by the= user, except for the algorithm parameters of course. So for example for the RSA, data that “asym_op->rsa.me= ssage.data” points to, will be encrypted up to the size of “asy= m_op->rsa.message.length” (provided size is in scope of possible e= ncryption sizes) regardless if it is TLS or IKE or anything else.<= /span>

 

 

 

From: Balakrishnan K <Balakrishnan.K1@tatacommunications.co= m>
Sent: Monday, May 30, 2022 1:59 PM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

    Thanks for your inputs.

I wrote the sample application to encrypt the text f= rom a file also decrypting the same.

Now next step is to encrypt the incoming packets.

I have one basic doubt. During rte_cryptodev_enqueue= _burst call with operation type as RTE_CRYPTO_ASYM_OP_ENCRYPT.

For the incoming packet.

what is being encrypted ,Is it entire packet or the = payload(data section) ?

 

Regards,

Bala

 

From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
Sent: 25 May 2022 16:13
To: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Bala,

 

To fill the below struct do I n= eed to extract Publickey exponent , Private key exponent etc.

[Arek] – yes, you need to convert keys into bi= g-endian unsigned integer.

In the file “test_cryptodev_rsa_test_vectors.h= ” there are few examples.

 

Regards,

Arek

 

 

From: Balakrishnan K <Balakrishnan.K1@tatacommunications.co= m>
Sent: Wednesday, May 25, 2022 12:08 PM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

    I have publi= c and private key with me which can be used for encryption/decryption.=

 

To fill the below struct do I n= eed to extract Publickey exponent , Private key exponent etc.

The reason why I am asking is, = in openssl for encryption we will use key directly with the exposed API.

Example :

 

RSA_private_encrypt(strlen(msg), (unsigned char *)msg, encr= ypted, rsa, RSA_PKCS1_PADDING);

 

Here in dpdk the rsa struct loo= ks different .

 

Thanks in advance.

 

struct rte_crypto_rsa_xform {

rte_crypto_param n;<= /span>

     &= nbsp;  /**< n - Modulus

     &= nbsp;   * Modulus data of RSA operation in Octet-string network

     &= nbsp;   * byte order format.

     &= nbsp;   */

 

     &= nbsp;  rte_crypto_param e;

     &= nbsp;  /**< e - Public key exponent

     &= nbsp;   * Public key exponent used for RSA public key operations = in Octet-

     &= nbsp;   * string network byte order format.

     &= nbsp;   */

 

     &= nbsp;  enum rte_crypto_rsa_priv_key_type key_type;

 

     &= nbsp;  __extension__

     &= nbsp;  union {

     &= nbsp;          rte_crypto_para= m d;

     &= nbsp;          /**< d - Pri= vate key exponent

     &= nbsp;           * Private= key exponent used for RSA

     &= nbsp;           * private= key operations in

     &= nbsp;           * Octet-s= tring  network byte order format.

     &= nbsp;           */

 

     &= nbsp;          struct rte_cryp= to_rsa_priv_key_qt qt;

     &= nbsp;          /**< qt - Pr= ivate key in quintuple format */

     &= nbsp;  };

};

 

 

Regards,

Bala

From: Balakrishnan K
Sent: 24 May 2022 17:42
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

  Thanks for the detailed explanation.

 

Regards,

Bala

 

From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
Sent: 24 May 2022 14:44
To: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

I should use 
debug_hexdump(stdout, "encrypted message", asym_op->rsa.c=
ipher.data,
           &nbs=
p;          asym_op->rsa.ci=
pher.length);
to check the encrypted message for the input given?

 

Yes, currently it works this way. The same way outpu= t for decryption will be placed in asym_op->rsa.message.data and input i= n asym_op->rsa.cipher.data.

More explanations can be found in rte_crypto_asym.h = file

https://doc.dpdk.o= rg/api/structrte__crypto__rsa__op__param.html.

 

From: Balakrishnan K <Balakrishnan.K1@tatacommunications.co= m>
Sent: Tuesday, May 24, 2022 7:24 AM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

   Thanks for quick response.

I am using resulted output vector to verify the encr= ypted message.

I thought the encrypted data will be in the asym_op->rsa.message.d=
ata after rte_cryptodev_enqueue_burst and rte_cryptodev_enqueue_burst call =
with operation type RTE_CRYPTO_ASYM_OP_ENCRYPT.
So ,I checked the hex_dump of asym_op->rsa.message.data.
 
Code snippet:
asym_op =3D result_op->asym;
debug_hexdump(stdout, "encrypted message", asym_op->rsa.m=
essage.data,
           &nbs=
p;          asym_op->rsa.me=
ssage.length);
 
 
 
Encrypted data will be placed in asym_op->rsa.cipher.=
data after crypto operation is my understanding is correct ?

I should use 


debug_hexdump(stdout, "encrypted message", asym_op->rsa.c=
ipher.data,


           &nbs=
p;          asym_op->rsa.ci=
pher.length);


to check the encrypted message for the input given?


 


 


Regards,


Bala 


 


 






From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>


Sent: 23 May 2022 18:15

To: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>;
users@dpdk.org

Subject: RE: how to use crypto openssl PMD for asymmetric encryption=
 and decryption






 




CAUTION: This email =
originated from outside of the organization. Do not click links or open att=
achments unless you recognize the sender
 and know the content is safe. 






Hi Bala,


 


Ciphertext will be written into asym_op->rsa.ciph=
er.data (not message.data) by the PMD, here you are using same address for =
both hex dumps.


Although there is a bug in debug_hexdump in this fun=
ction which may cause this confusion.


 


Plus, the test you are referring is PWCT test (Pairw=
ise conditional test) -> it will encrypt, then decrypt.


Please take a look into this comment in queue_ops_rs=
a_enc_dec function:


/* Use the resulted output as decryption Input vecto=
r*


So above this line there is an encryption part.=



Below is decryption.     &n=
bsp;     


 


Regards,


Arek


 








From: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>


Sent: Monday, May 23, 2022 1:33 PM

To: users@dpdk.org

Subject: how to use crypto openssl PMD for asymmetric encryption and=
 decryption






 


Hi All,


   I am new to dpdk. Planning to use opens=
sl crypto PMD for encrypting/decrypting  the packets.


Couldn’t find much documents on openssl PMD fo=
r asymmetric encryption/decryption.


Any one please point me in the right document.<=
/o:p>


 


I have tried to run the test cases wrote for asymmet=
ric crypto using openssl virtual PMD.


But the output of particular test case is same after=
 the encryption done.


 


File : app/test/test_cryptodev_asym.c


Test executable: ./app/test/dpdk-test


Test case : test_rsa_enc_dec


    


Input given to encryption:    =
;          


message at [0x1894e60], len=3D20


00000000: F8 BA 1A 55 D0 2F 85 AE 96 7B B6 2F B6 CD =
A8 EB | ...U./...{./....


00000010: 7E 78 A0 50     &=
nbsp;           &nbs=
p;            &=
nbsp;      | ~x.P


 


After processing the output also looks like same =
:


encrypted message exist at [0x1894e60], len=3D20


00000000: F8 BA 1A 55 D0 2F 85 AE 96 7B B6 2F B6 CD =
A8 EB | ...U./...{./....


00000010: 7E 78 A0 50


 


 


Regards,


Bala
--_000_PH0PR11MB50138E211891004BCB9E9F6D9FA59PH0PR11MB5013namp_--