From: "Kusztal, ArkadiuszX"
To: Balakrishnan K, "users@dpdk.org"
Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption
Date: Tue, 31 May 2022 07:30:25 +0000
List-Id: DPDK usage discussions

Hi Bala,

It is a similar situation: it is the user who needs to decide where to start the encryption process.
Please consult:
https://doc.dpdk.org/api/structrte__crypto__sym__op.html
https://doc.dpdk.org/guides/prog_guide/cryptodev_lib.html
Please look into the 'offset' and 'length' fields.

P.S. "encrypting the entire packets" -> it is usually not a good idea to encrypt entire packets -> packets need to know where to travel, though authentication usually is done over the entire packet.
P.S. (2) Using asymmetric cryptography for network packet payload encryption is not usually a good idea either; not to mention the natural performance penalty and a few additional security issues, the size of the encrypted data is usually limited to size = (key size - [additional options | paddings | etc]).

Regards,
Arek

From: Balakrishnan K
Sent: Tuesday, May 31, 2022 8:14 AM
To: Kusztal, ArkadiuszX; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption

Hi Arek,
How about symmetric Cryptodev encryption?
In the l2fwd_cryptodev example I could see the packets from the Rx queue are fetched and passed to encryption.
Is symmetric encryption encrypting the entire packet or the payload section?

Regards,
Bala

From: Kusztal, ArkadiuszX
Sent: 30 May 2022 17:52
To: Balakrishnan K; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption

For the Asym Cryptodev, the data to be encrypted is totally opaque -> it does not hold any information about the data provided by the user, except for the algorithm parameters of course. So for example for RSA, the data that "asym_op->rsa.message.data" points to will be encrypted up to the size of "asym_op->rsa.message.length" (provided the size is in scope of possible encryption sizes), regardless of whether it is TLS or IKE or anything else.

From: Balakrishnan K
Sent: Monday, May 30, 2022 1:59 PM
To: Kusztal, ArkadiuszX; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption

Hi Arek,
Thanks for your inputs.
I wrote the sample application to encrypt the text from a file and also decrypt the same.
Now the next step is to encrypt the incoming packets.
I have one basic doubt. During the rte_cryptodev_enqueue_burst call with operation type RTE_CRYPTO_ASYM_OP_ENCRYPT, for the incoming packet, what is being encrypted: is it the entire packet or the payload (data section)?

Regards,
Bala

From: Kusztal, ArkadiuszX
Sent: 25 May 2022 16:13
To: Balakrishnan K; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption

Hi Bala,

> To fill the below struct do I need to extract Publickey exponent, Private key exponent etc.
[Arek] - yes, you need to convert the keys into big-endian unsigned integers.
In the file "test_cryptodev_rsa_test_vectors.h" there are a few examples.

Regards,
Arek

From: Balakrishnan K
Sent: Wednesday, May 25, 2022 12:08 PM
To: Kusztal, ArkadiuszX; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption

Hi Arek,
I have a public and private key with me which can be used for encryption/decryption.

To fill the below struct do I need to extract Publickey exponent, Private key exponent etc.
The reason why I am asking is, in openssl for encryption we will use the key directly with the exposed API.
Example:

    RSA_private_encrypt(strlen(msg), (unsigned char *)msg, encrypted, rsa, RSA_PKCS1_PADDING);

Here in dpdk the rsa struct looks different.

Thanks in advance.

    struct rte_crypto_rsa_xform {
        rte_crypto_param n;
        /**< n - Modulus
         * Modulus data of RSA operation in Octet-string network
         * byte order format.
         */

        rte_crypto_param e;
        /**< e - Public key exponent
         * Public key exponent used for RSA public key operations in Octet-
         * string network byte order format.
         */

        enum rte_crypto_rsa_priv_key_type key_type;

        __extension__
        union {
            rte_crypto_param d;
            /**< d - Private key exponent
             * Private key exponent used for RSA
             * private key operations in
             * Octet-string network byte order format.
             */

            struct rte_crypto_rsa_priv_key_qt qt;
            /**< qt - Private key in quintuple format */
        };
    };

Regards,
Bala

From: Balakrishnan K
Sent: 24 May 2022 17:42
To: Kusztal, ArkadiuszX; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption

Hi Arek,
Thanks for the detailed explanation.

Regards,
Bala

From: Kusztal, ArkadiuszX
Sent: 24 May 2022 14:44
To: Balakrishnan K; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption

> I should use
> debug_hexdump(stdout, "encrypted message", asym_op->rsa.cipher.data,
>               asym_op->rsa.cipher.length);
> to check the encrypted message for the input given?

Yes, currently it works this way. In the same way, the output for decryption will be placed in asym_op->rsa.message.data and the input in asym_op->rsa.cipher.data.
More explanations can be found in the rte_crypto_asym.h file:
https://doc.dpdk.org/api/structrte__crypto__rsa__op__param.html

From: Balakrishnan K
Sent: Tuesday, May 24, 2022 7:24 AM
To: Kusztal, ArkadiuszX; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption

Hi Arek,
Thanks for the quick response.
I am using the resulted output vector to verify the encrypted message.
I thought the encrypted data will be in asym_op->rsa.message.data after the rte_cryptodev_enqueue_burst and rte_cryptodev_enqueue_burst call with operation type RTE_CRYPTO_ASYM_OP_ENCRYPT.
So, I checked the hex_dump of asym_op->rsa.message.data.

Code snippet:

    asym_op = result_op->asym;
    debug_hexdump(stdout, "encrypted message", asym_op->rsa.message.data,
                  asym_op->rsa.message.length);

Encrypted data will be placed in asym_op->rsa.cipher.data after the crypto operation; is my understanding correct?
I should use

    debug_hexdump(stdout, "encrypted message", asym_op->rsa.cipher.data,
                  asym_op->rsa.cipher.length);

to check the encrypted message for the input given?

Regards,
Bala

From: Kusztal, ArkadiuszX
Sent: 23 May 2022 18:15
To: Balakrishnan K; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption

Hi Bala,

Ciphertext will be written into asym_op->rsa.cipher.data (not message.data) by the PMD; here you are using the same address for both hex dumps.
Although there is a bug in debug_hexdump in this function which may cause this confusion.

Plus, the test you are referring to is a PWCT test (Pairwise conditional test) -> it will encrypt, then decrypt.
Please take a look at this comment in the queue_ops_rsa_enc_dec function:
/* Use the resulted output as decryption Input vector*
So above this line there is an encryption part.
Below is decryption.

Regards,
Arek

From: Balakrishnan K
Sent: Monday, May 23, 2022 1:33 PM
To: users@dpdk.org
Subject: how to use crypto openssl PMD for asymmetric encryption and decryption

Hi All,
I am new to dpdk. Planning to use the openssl crypto PMD for encrypting/decrypting the packets.
Couldn't find many documents on the openssl PMD for asymmetric encryption/decryption.
Anyone, please point me to the right document.

I have tried to run the test cases written for asymmetric crypto using the openssl virtual PMD.
But the output of a particular test case is the same after the encryption is done.

File : app/test/test_cryptodev_asym.c
Test executable: ./app/test/dpdk-test
Test case : test_rsa_enc_dec

Input given to encryption:
message at [0x1894e60], len=20
00000000: F8 BA 1A 55 D0 2F 85 AE 96 7B B6 2F B6 CD A8 EB | ...U./...{./....
00000010: 7E 78 A0 50                                     | ~x.P

After processing, the output also looks the same:
encrypted message exist at [0x1894e60], len=20
00000000: F8 BA 1A 55 D0 2F 85 AE 96 7B B6 2F B6 CD A8 EB | ...U./...{./....
00000010: 7E 78 A0 50

Regards,
Bala
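
Added example, not part of the thread and not DPDK code: how an application might pick the 'offset' and 'length' values discussed in the newest reply, so that only the UDP payload is encrypted while the whole packet is authenticated. `struct region`, `plan_sym_regions` and the sample frame are constructed for illustration; in a real application the results would be copied into the cipher.data and auth.data fields of struct rte_crypto_sym_op.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-in for the {offset, length} pairs under cipher.data and
 * auth.data in struct rte_crypto_sym_op; not the DPDK type. Byte units. */
struct region { uint32_t offset, length; };
struct sym_regions { struct region cipher, auth; };

#define ETH_HDR    14u
#define IP_MIN_HDR 20u
#define UDP_HDR     8u

/* Constructed sample: Ethernet + IPv4 + UDP + 10-byte payload, followed by
 * 8 zero bytes of Ethernet padding up to the 60-byte minimum frame size.
 * Checksums are left at zero; they are not verified here. */
static const uint8_t SAMPLE_FRAME[60] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,   /* Ethernet, IPv4 */
    0x45,0x00,0x00,0x26, 0x00,0x01,0x00,0x00,          /* IHL 5, total 38 */
    0x40,0x11,0x00,0x00, 192,0,2,1, 192,0,2,2,         /* TTL, UDP, addresses */
    0x30,0x39,0x30,0x3a, 0x00,0x12,0x00,0x00,          /* UDP, length 18 */
    'h','e','l','l','o','w','o','r','l','d'            /* payload */
};

/* Fills *out for an untagged Ethernet/IPv4/UDP frame.
 * Returns 0 on success, -1 if the frame is truncated or not that shape. */
int plan_sym_regions(const uint8_t *f, size_t len, struct sym_regions *out)
{
    if (f == NULL || out == NULL || len < ETH_HDR + IP_MIN_HDR + UDP_HDR)
        return -1;
    if (f[12] != 0x08 || f[13] != 0x00)            /* EtherType must be IPv4 */
        return -1;

    const uint8_t *ip = f + ETH_HDR;
    uint32_t ihl = (uint32_t)(ip[0] & 0x0f) * 4u;  /* header incl. options */
    uint32_t total = ((uint32_t)ip[2] << 8) | ip[3];
    if ((ip[0] >> 4) != 4 || ihl < IP_MIN_HDR || ip[9] != 17)
        return -1;
    if ((ip[6] & 0x3f) != 0 || ip[7] != 0)         /* fragment: no full UDP */
        return -1;
    if (total < ihl + UDP_HDR || (size_t)ETH_HDR + total > len)
        return -1;                                 /* lengths must fit frame */

    const uint8_t *udp = ip + ihl;
    uint32_t udp_len = ((uint32_t)udp[4] << 8) | udp[5];
    if (udp_len != total - ihl)
        return -1;

    /* Encrypt the UDP payload only, so the headers still route the packet. */
    out->cipher.offset = ETH_HDR + ihl + UDP_HDR;
    out->cipher.length = udp_len - UDP_HDR;
    /* Authenticate the whole packet, as the reply suggests; the trailing
     * Ethernet padding is left out because it is not part of the datagram. */
    out->auth.offset = 0;
    out->auth.length = ETH_HDR + total;
    return 0;
}

int main(void)
{
    struct sym_regions r;
    if (plan_sym_regions(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &r) != 0) {
        puts("frame rejected");
        return 1;
    }
    printf("cipher: offset=%u length=%u\n", r.cipher.offset, r.cipher.length);
    printf("auth:   offset=%u length=%u\n", r.auth.offset, r.auth.length);
    return 0;
}
```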

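
Added example, not part of the thread and not DPDK code: turning key material into the big-endian octet strings that the n, e and d members of rte_crypto_rsa_xform expect, and checking the message size limit mentioned in P.S. (2) for PKCS#1 v1.5 padding (modulus length minus 11 bytes). `struct octets` is a local stand-in for the data/length members of rte_crypto_param, the function names are hypothetical, and the sample is a constructed toy value in the colon-separated layout that `openssl rsa -text -noout` prints, not a real key.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in for the data/length members of rte_crypto_param. */
struct octets { uint8_t *data; size_t length; };

/* Constructed toy value in OpenSSL text-dump layout (not a real modulus). */
static const char SAMPLE_MODULUS_TEXT[] =
    "    00:c7:1f:3a:9b:\n"
    "    02:5d:e1:44\n";

static int hex_val(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Parses colon/whitespace-separated hex into buf as a big-endian octet
 * string. The leading 00 that the text dump prints in front of a value whose
 * top bit is set is dropped, so the length equals the key size in bytes.
 * Returns 0 on success, -1 on bad characters, odd digit count or overflow. */
int hex_dump_to_octets(const char *text, uint8_t *buf, size_t cap,
                       struct octets *out)
{
    size_t n = 0, skip = 0;
    int hi = -1;

    for (const char *p = text; *p != '\0'; p++) {
        if (*p == ':' || isspace((unsigned char)*p))
            continue;
        int v = hex_val((unsigned char)*p);
        if (v < 0)
            return -1;
        if (hi < 0) { hi = v; continue; }
        if (n == cap)
            return -1;
        buf[n++] = (uint8_t)((hi << 4) | v);
        hi = -1;
    }
    if (hi >= 0 || n == 0)
        return -1;
    while (skip + 1 < n && buf[skip] == 0)
        skip++;
    memmove(buf, buf + skip, n - skip);
    out->data = buf;
    out->length = n - skip;
    return 0;
}

/* Writes v (for example the public exponent 65537) as a minimal big-endian
 * octet string. Returns the length used, or 0 if buf is too small. */
size_t uint_to_octets(uint64_t v, uint8_t *buf, size_t cap)
{
    size_t len = 1;
    while (len < 8 && (v >> (8 * len)) != 0)
        len++;
    if (len > cap)
        return 0;
    for (size_t i = 0; i < len; i++)
        buf[i] = (uint8_t)(v >> (8 * (len - 1 - i)));
    return len;
}

/* Largest message one RSA operation can encrypt with PKCS#1 v1.5 padding. */
size_t rsa_pkcs1_v15_max_msg(size_t modulus_len)
{
    return modulus_len > 11 ? modulus_len - 11 : 0;
}

int main(void)
{
    uint8_t nbuf[16], ebuf[8];
    struct octets n;

    if (hex_dump_to_octets(SAMPLE_MODULUS_TEXT, nbuf, sizeof nbuf, &n) != 0)
        return 1;
    size_t elen = uint_to_octets(65537, ebuf, sizeof ebuf);
    printf("n: %zu bytes, first 0x%02x; e: %zu bytes\n",
           n.length, n.data[0], elen);
    printf("2048-bit key, PKCS#1 v1.5: at most %zu message bytes\n",
           rsa_pkcs1_v15_max_msg(256));
    return 0;
}
```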