From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E0134A0032 for ; Tue, 31 May 2022 08:14:02 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6DA60400EF; Tue, 31 May 2022 08:14:02 +0200 (CEST) Received: from APC01-PSA-obe.outbound.protection.outlook.com (mail-psaapc01on2046.outbound.protection.outlook.com [40.107.255.46]) by mails.dpdk.org (Postfix) with ESMTP id E83D0400D6 for ; Tue, 31 May 2022 08:14:00 +0200 (CEST) ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=YwebJgcTGcqb8nMDDIRuJvQZrM+ccsCECIclt0nsCBtbAj+xiDzczGLMyk5v8789EJrYU8dgZtSw5ydzpuL4D3yLCVvJuBeRwBRdzpmVpOeuKK/zDkaQpet9B/HUv/WHOz7C/zvyNggUxVMhXRPNWxO69SFrTgssvdDP2I6Hk3irsWGaiSLurSdeXco2v6b+0821VlH09Bc7hqnUZlPlza2zlk5xtFD7wG6oexH7NW7F9CIOpYGiwKELC25uzeDHJmzF4yIeCSNQ5TtuxfL9GffqpOhL1gbe70DBVGB3Z06HxnBLLi1d6ny6zqxJngEvNLz8nUnOE34XAQy99aKdxQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+SqFLNi24TPeeRHGIInyUFt/c3NV8vyGY3bvU1ffr3A=; b=Vhr1wmATMzrkhWNVzMyVD4WsVy08E/zuCe2iFDZSZVO86SbvLxHOHdkaM41wzSFx91VIBfbwltkYRZwgkZuwtIJT8/yHNMawFOARvVkpHfI4fP+3VmO5HapbLhrxxuotOWUTLpAYYlydEEe2NJeXNjy9h9aPVA7/X2PE7z0UyUEc/1VCMcEc+KyUwBeAeCRkKnVzEpjwElaZRMN6p5OxxK9lxSN7nx4Mzg4fHQzb2AtOShbGnPkJMEfjJKXuf9/el3rRCKkYFgLAbQEB6yhYSQqq0TU7ld2AzyFk5tqIVxr/eZMyD69z53XU39xOTWPBrsjp+INbBpGw70tXv12E0w== ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 54.79.123.149) smtp.rcpttodomain=intel.com smtp.mailfrom=tatacommunications.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=tatacommunications.com; dkim=pass (signature was verified) header.d=tatacommunications.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=tatacommunications.com] dkim=[1,1,header.d=tatacommunications.com] dmarc=[1,1,header.from=tatacommunications.com]) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tatacommunications.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+SqFLNi24TPeeRHGIInyUFt/c3NV8vyGY3bvU1ffr3A=; b=kvQEW3yOlARO8MK9IY9oQ5gl23b+cT5Uue0CTRlV/02W2ZOm23Vu+wHs8uANRDk3t6I8/XcWmuycrmiTUaR2ZsT5MDHQu5zMdnAJ6D5UfKV2cVB8X9G5vcPlzl8m5KCQgEDlgFT5Ie6i8XOhXghjj5kEm+WK4z32QVM4UDGOLcZl62GHE4vAcZSi/QIgcIDatdss1o+X8T2OgTjAINgoXC4Rm4aEwD2WVCdqYMGE4f1m3tLMBQmJPsNgZ3X7EgdAr9MI6l7Mhs/vmw2nyeGvaQWhgxLbC3+H9jQzN6/27DvFfiBWxZen2jlVuMxCM5kvz+2bsLFzvx3t6ed43QlEwA== Received: from SL2P216CA0118.KORP216.PROD.OUTLOOK.COM (2603:1096:101::15) by SL2PR04MB3323.apcprd04.prod.outlook.com (2603:1096:100:38::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.13; Tue, 31 May 2022 06:13:57 +0000 Received: from PSAAPC01FT004.eop-APC01.prod.protection.outlook.com (2603:1096:101:0:cafe::d6) by SL2P216CA0118.outlook.office365.com (2603:1096:101::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.13 via Frontend Transport; Tue, 31 May 2022 06:13:57 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 54.79.123.149) smtp.mailfrom=tatacommunications.com; dkim=pass (signature was verified) header.d=tatacommunications.com;dmarc=pass action=none header.from=tatacommunications.com; Received-SPF: Pass (protection.outlook.com: domain of tatacommunications.com designates 54.79.123.149 as permitted sender) receiver=protection.outlook.com; client-ip=54.79.123.149; helo=sydapipop-haraka-inline01.vpc-a3a96cc4.ase2.shn; pr=C Received: from sydapipop-haraka-inline01.vpc-a3a96cc4.ase2.shn (54.79.123.149) by PSAAPC01FT004.mail.protection.outlook.com (10.13.38.113) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.13 via Frontend Transport; Tue, 31 May 2022 06:13:56 +0000 Received: from APC01-PSA-obe.outbound.protection.outlook.com (mail-psaapc01lp2046.outbound.protection.outlook.com [104.47.26.46]) by sydapipop-haraka-inline01.vpc-a3a96cc4.ase2.shn (Haraka/2.8.24) with ESMTPS id 33C38DA3-1BFF-4A2C-A5DC-248C05DA677D.1 envelope-from (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 verify=FAIL); Tue, 31 May 2022 06:13:53 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=keLrTElq8fBNpbRN6sRfvh1uJJ3rzOmoC+Uc1vB4FRbQoR3/0m+0vRWq4/b9ZuVuJpsxU7yhmzNjU0g4s0n0zaplInMPjawSz/I3/CKucyr+KPTgoG+aXorgSZvT2tzHK6kd+mxN3WpClt92i3b7cNQOhpxagikzBNNofZ1u4aefUoFY8c/5K5rH8ZzOqiIcNVDLojrVR0cxKXPYL0kpiHNg+8xTWtK5Wj5MavUS5u2QXwK0r8nS0Z672wo2TsuXL+F4bkq8CHCDCyvCU/K98v7G8y/xPr5kKeSSgMhfuOjWOtDate1Ib6bkW3wMYqUTrAleMhIeygoLdn+OYLbjNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+SqFLNi24TPeeRHGIInyUFt/c3NV8vyGY3bvU1ffr3A=; b=emDiK+awYlcZbZ//XcX3iYzwOvPbevabc+DS1iNW0m6VFUq9jRkrpzLzvfQ4pJplh1kWFp5MdeTEWThCJsAWn1LxjLYnr3xjHFny65FtYtyPqS4pYtcPo1Vec6u7Gd0rB8Cb0chm25BiC7kNcphVBWyXXurpSbN+NLBfQ/Fk3v06k29Yf5rdL2NYNBKIdPagOV/PofLOnI/L/vF+8OQ6aV4GSMbbwCEniSpIEc5/gPLS5lMx4EBdgScR0WHhBMAChZ/FipZK7X5UL9TBaWpTnenRmHYc+xrJol9pbU0BwE5N4v7QMQqOOTfsZLLfUZA4Wag+0D7QlFvV0i4i5wE9Yg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=tatacommunications.com; dmarc=pass action=none header.from=tatacommunications.com; dkim=pass header.d=tatacommunications.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tatacommunications.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+SqFLNi24TPeeRHGIInyUFt/c3NV8vyGY3bvU1ffr3A=; b=kvQEW3yOlARO8MK9IY9oQ5gl23b+cT5Uue0CTRlV/02W2ZOm23Vu+wHs8uANRDk3t6I8/XcWmuycrmiTUaR2ZsT5MDHQu5zMdnAJ6D5UfKV2cVB8X9G5vcPlzl8m5KCQgEDlgFT5Ie6i8XOhXghjj5kEm+WK4z32QVM4UDGOLcZl62GHE4vAcZSi/QIgcIDatdss1o+X8T2OgTjAINgoXC4Rm4aEwD2WVCdqYMGE4f1m3tLMBQmJPsNgZ3X7EgdAr9MI6l7Mhs/vmw2nyeGvaQWhgxLbC3+H9jQzN6/27DvFfiBWxZen2jlVuMxCM5kvz+2bsLFzvx3t6ed43QlEwA== Received: from PSAPR04MB5516.apcprd04.prod.outlook.com (2603:1096:301:5c::9) by SG2PR04MB2667.apcprd04.prod.outlook.com (2603:1096:4:61::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.13; Tue, 31 May 2022 06:13:51 +0000 Received: from PSAPR04MB5516.apcprd04.prod.outlook.com ([fe80::35fb:34da:9cee:9730]) by PSAPR04MB5516.apcprd04.prod.outlook.com ([fe80::35fb:34da:9cee:9730%5]) with mapi id 15.20.5293.019; Tue, 31 May 2022 06:13:51 +0000 From: Balakrishnan K To: "Kusztal, ArkadiuszX" , "users@dpdk.org" Subject: RE: how to use crypto openssl PMD for asymmetric encryption and decryption Thread-Topic: how to use crypto openssl PMD for asymmetric encryption and decryption Thread-Index: Adhul7L76HpVKxCxQgm6OmL7h9++VgACBMowACMLKYAACHjIQAAGYdCQAC24WYAAASZVAAD+ROEAAACJjOAAJcHfkA== Date: Tue, 31 May 2022 06:13:51 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_ActionId=1e9b2051-9f45-4073-b7f5-e6b509538b52; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_ContentBits=0; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_Enabled=true; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_Method=Privileged; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_Name=General-Test; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_SetDate=2022-05-23T11:32:59Z; MSIP_Label_5cbf6393-50e2-4904-bc3e-1804619f2b03_SiteId=20210462-2c5e-4ec8-b3e2-0be950f292ca; Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=tatacommunications.com; X-MS-Office365-Filtering-Correlation-Id: 7ffbaf19-8d78-4747-1c83-08da42ccbf06 x-ms-traffictypediagnostic: SG2PR04MB2667:EE_|PSAAPC01FT004:EE_|SL2PR04MB3323:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: K2ovzuXi+G0CEle2xgQE7Uw69UsS754an74DhnEQrWGFnzOiGWbHgEaYJvTFb5Zjih8NpIImjCunjZE7qaS/faOAfIGTh3PyaOG1T631NUV6R/UAcUcETOATwaZo2uT2iYtSliH0br/Cm9v971vTUmU7EhcWlfjDN3TGG+9AYiYJvg7KqOOT0kstLNc0NDZaTCdOAxkmwqCG2bOVSVa40XRh3XywLOvTkBK8fNBgnEo9w8nra/ZZhN8KqtWjxEFfPgC6viWsX0WZXlIEA5KiHyS7taNBOHx7IsmxdPdwC+gWf6S7vjFr1j55ivE+z6m9jN6ytMjHhbnwgL2aiV/enqA7IcU31udHb9x2J9GMXohD5T/UZf47Z+Md0+GVUKXWtpgF46KE+1SM4Rixu+jsCCIOIe9oJZrNDA13pvSI8dCB+5ap+gppdiJ33IV23aEhtzPRsxdFpf/U+BgHuOYXFiKKbtERk9B9oqOJHL43ywC0yR7N/uQn9SPhlU+HrpH1ut67KVrRvt3/243XPt08uuM252/9Eij/9l+FnbLUeYdhNr+sdGbW477TByMZPFpfURU7bqrJAGJD4dfBbSwhtbxOuw6HhjmuxiJR/lakoUpmPUOGRQ8vShxcpxKaBurJ9/3OvJAd8VZzI7zhOgSJKacYGUoj3VuWcQnZn4LllM7pomkw1+pS2jQ0crWy6BC5i5ZAsS+QBeC/9UI/BmvVClBeP9dLNOwOHg+uwLUzwDM0tK00LbtguazKPJ+AybAnWXT4bK0P/aL9kHo7yhq8RgBGoRGwrvB3x5NY20DfIso= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PSAPR04MB5516.apcprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(508600001)(122000001)(83380400001)(166002)(38070700005)(2906002)(71200400001)(966005)(86362001)(6506007)(9686003)(53546011)(26005)(8676002)(64756008)(66446008)(316002)(110136005)(55016003)(66556008)(66946007)(66476007)(38100700002)(52536014)(5660300002)(9326002)(33656002)(7696005)(8936002)(186003)(76116006); DIR:OUT; SFP:1101; Content-Type: multipart/alternative; boundary="_000_PSAPR04MB5516840F8EEE3C241ACB3F77D6DC9PSAPR04MB5516apcp_" MIME-Version: 1.0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SG2PR04MB2667 Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=tatacommunications.com; X-SHN-DLP-SCAN: success X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: PSAAPC01FT004.eop-APC01.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: cbd30729-038c-4af1-4eca-08da42ccbb70 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: BhD4sYQkDtSVeUrDaHaEPKt2hdZ4WWmE5KKhcIJLdIharrxC5LFurRYmLln/5ZP9678xqOfyUyuLjPHsf1LX1ZE/fwDZPIDNFE33dkx0P/nwBnBLf5UB9NBo9avzQ05BW0TwDwCYN5HpoWu9ASL5+jYDpKMzTwwpwWK6ST5uXmIPBQv6sbg+dOO0SQDssJvfv1mOFfWcoRVMcuPo5OvqxcJgNjmzK+W/R3KbZfhwEu+phVVLQT85Fk4D+xrUnlqqGrFukTzdAMX2+bHdH0iljAI0KIQnN2wh53AmDQ69OcJNGAKeGN1C2HA11Z2apBXZ11DUtuUjbic6kZdKv2b6CRdF3Yvo+g0vVnGhrwGnuQoDZQ4mcLJayaYFCJuEtGd3147NLp+thuEsmVf1LToGXy5Kg/BE0LfSCQceDzYDqP9bHXeXq2Tvu9HjUQvJijDLZkiqiQIhYA8MTo0gf5Q3GUKn819VSjniuuAKlRkX1W5mrGp70yv/Y0ZXxDCrtoHgsm0qJV6krBFnQysx+pA7MSGJ7mLhCeMxXXtGyK+H807F19jMSPjloGxMEk6HFAsADJ0ZYWRu4bFdXXxy+LGbkZujDQ+c/Es55yuOaSmbjz1EKknqJNvHX7sQyWf4QDGEY8FmvhDXEvQNJD9MvF24IAUuzUbCoeJ/VNtvpfY1JL/jQ4oGjwfeLU3BtfcevMQfs3ZI7q0ccMnfyXVkV/ldNw/ld5tDaUsd6N8RDnHwjOpcVnR9nzmfjLRm4y+dptk55w0hHfI+eexYuaeJmqSijA== X-Forefront-Antispam-Report: CIP:54.79.123.149; CTRY:AU; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:sydapipop-haraka-inline01.vpc-a3a96cc4.ase2.shn; PTR:send1.mail-inline.syd-pop.i-shn.net; CAT:NONE; SFS:(13230001)(4636009)(46966006)(40470700004)(36840700001)(70586007)(33656002)(8676002)(966005)(36860700001)(2906002)(186003)(47076005)(82310400005)(55016003)(70206006)(45080400002)(26005)(30864003)(5660300002)(83380400001)(86362001)(9326002)(6506007)(40460700003)(336012)(8936002)(9686003)(81166007)(52536014)(53546011)(316002)(7696005)(356005)(36906005)(110136005)(508600001)(166002); DIR:OUT; SFP:1101; X-OriginatorOrg: tatacommunications.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 31 May 2022 06:13:56.4457 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7ffbaf19-8d78-4747-1c83-08da42ccbf06 X-MS-Exchange-CrossTenant-Id: 20210462-2c5e-4ec8-b3e2-0be950f292ca X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=20210462-2c5e-4ec8-b3e2-0be950f292ca; Ip=[54.79.123.149]; Helo=[sydapipop-haraka-inline01.vpc-a3a96cc4.ase2.shn] X-MS-Exchange-CrossTenant-AuthSource: PSAAPC01FT004.eop-APC01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SL2PR04MB3323 X-BeenThere: users@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK usage discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: users-bounces@dpdk.org --_000_PSAPR04MB5516840F8EEE3C241ACB3F77D6DC9PSAPR04MB5516apcp_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Arek, How about symmetric Cryptodev encryption . In l2fwd_cryptodev example I could see the packets from Rx queue is fetched= and passed to encryption. Is symmetric encryption , encrypting the entire packets or payload section? Regards, Bala From: Kusztal, ArkadiuszX Sent: 30 May 2022 17:52 To: Balakrishnan K ; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption For the Asym Cryptodev data to be encrypted it totally opaque -> it does no= t hold any information about data provided by the user, except for the algo= rithm parameters of course. So for example for the RSA, data that "asym_op-= >rsa.message.data" points to, will be encrypted up to the size of "asym_op-= >rsa.message.length" (provided size is in scope of possible encryption size= s) regardless if it is TLS or IKE or anything else. From: Balakrishnan K > Sent: Monday, May 30, 2022 1:59 PM To: Kusztal, ArkadiuszX >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, Thanks for your inputs. I wrote the sample application to encrypt the text from a file also decrypt= ing the same. Now next step is to encrypt the incoming packets. I have one basic doubt. During rte_cryptodev_enqueue_burst call with operat= ion type as RTE_CRYPTO_ASYM_OP_ENCRYPT. For the incoming packet. what is being encrypted ,Is it entire packet or the payload(data section) ? Regards, Bala From: Kusztal, ArkadiuszX > Sent: 25 May 2022 16:13 To: Balakrishnan K >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Bala, To fill the below struct do I need to extract Publickey exponent , Private = key exponent etc. [Arek] - yes, you need to convert keys into big-endian unsigned integer. In the file "test_cryptodev_rsa_test_vectors.h" there are few examples. Regards, Arek From: Balakrishnan K > Sent: Wednesday, May 25, 2022 12:08 PM To: Kusztal, ArkadiuszX >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, I have public and private key with me which can be used for encryption/= decryption. To fill the below struct do I need to extract Publickey exponent , Private = key exponent etc. The reason why I am asking is, in openssl for encryption we will use key di= rectly with the exposed API. Example : RSA_private_encrypt(strlen(msg), (unsigned char *)msg, encrypted, rsa, RSA_= PKCS1_PADDING); Here in dpdk the rsa struct looks different . Thanks in advance. struct rte_crypto_rsa_xform { rte_crypto_param n; /**< n - Modulus * Modulus data of RSA operation in Octet-string network * byte order format. */ rte_crypto_param e; /**< e - Public key exponent * Public key exponent used for RSA public key operations in Octet- * string network byte order format. */ enum rte_crypto_rsa_priv_key_type key_type; __extension__ union { rte_crypto_param d; /**< d - Private key exponent * Private key exponent used for RSA * private key operations in * Octet-string network byte order format. */ struct rte_crypto_rsa_priv_key_qt qt; /**< qt - Private key in quintuple format */ }; }; Regards, Bala From: Balakrishnan K Sent: 24 May 2022 17:42 To: Kusztal, ArkadiuszX >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, Thanks for the detailed explanation. Regards, Bala From: Kusztal, ArkadiuszX > Sent: 24 May 2022 14:44 To: Balakrishnan K >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption I should use debug_hexdump(stdout, "encrypted message", asym_op->rsa.cipher.data, asym_op->rsa.cipher.length); to check the encrypted message for the input given? Yes, currently it works this way. The same way output for decryption will b= e placed in asym_op->rsa.message.data and input in asym_op->rsa.cipher.data= . More explanations can be found in rte_crypto_asym.h file https://doc.dpdk.org/api/structrte__crypto__rsa__op__param.html. From: Balakrishnan K > Sent: Tuesday, May 24, 2022 7:24 AM To: Kusztal, ArkadiuszX >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption Hi Arek, Thanks for quick response. I am using resulted output vector to verify the encrypted message. I thought the encrypted data will be in the asym_op->rsa.message.data after= rte_cryptodev_enqueue_burst and rte_cryptodev_enqueue_burst call with oper= ation type RTE_CRYPTO_ASYM_OP_ENCRYPT. So ,I checked the hex_dump of asym_op->rsa.message.data. Code snippet: asym_op =3D result_op->asym; debug_hexdump(stdout, "encrypted message", asym_op->rsa.message.data, asym_op->rsa.message.length); Encrypted data will be placed in asym_op->rsa.cipher.data after crypto oper= ation is my understanding is correct ? I should use debug_hexdump(stdout, "encrypted message", asym_op->rsa.cipher.data, asym_op->rsa.cipher.length); to check the encrypted message for the input given? Regards, Bala From: Kusztal, ArkadiuszX > Sent: 23 May 2022 18:15 To: Balakrishnan K >; users@dpdk.org Subject: RE: how to use crypto openssl PMD for asymmetric encryption and de= cryption CAUTION: This email originated from outside of the organization. Do not cli= ck links or open attachments unless you recognize the sender and know the c= ontent is safe. Hi Bala, Ciphertext will be written into asym_op->rsa.cipher.data (not message.data)= by the PMD, here you are using same address for both hex dumps. Although there is a bug in debug_hexdump in this function which may cause t= his confusion. Plus, the test you are referring is PWCT test (Pairwise conditional test) -= > it will encrypt, then decrypt. Please take a look into this comment in queue_ops_rsa_enc_dec function: /* Use the resulted output as decryption Input vector* So above this line there is an encryption part. Below is decryption. Regards, Arek From: Balakrishnan K > Sent: Monday, May 23, 2022 1:33 PM To: users@dpdk.org Subject: how to use crypto openssl PMD for asymmetric encryption and decryp= tion Hi All, I am new to dpdk. Planning to use openssl crypto PMD for encrypting/decr= ypting the packets. Couldn't find much documents on openssl PMD for asymmetric encryption/decry= ption. Any one please point me in the right document. I have tried to run the test cases wrote for asymmetric crypto using openss= l virtual PMD. But the output of particular test case is same after the encryption done. File : app/test/test_cryptodev_asym.c Test executable: ./app/test/dpdk-test Test case : test_rsa_enc_dec Input given to encryption: message at [0x1894e60], len=3D20 00000000: F8 BA 1A 55 D0 2F 85 AE 96 7B B6 2F B6 CD A8 EB | ...U./...{./...= . 00000010: 7E 78 A0 50 | ~x.P After processing the output also looks like same : encrypted message exist at [0x1894e60], len=3D20 00000000: F8 BA 1A 55 D0 2F 85 AE 96 7B B6 2F B6 CD A8 EB | ...U./...{./...= . 00000010: 7E 78 A0 50 Regards, Bala --_000_PSAPR04MB5516840F8EEE3C241ACB3F77D6DC9PSAPR04MB5516apcp_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi Arek,<= o:p>

 &nb= sp; How about symmetric Cryptodev encryption .

In l2fwd_= cryptodev example I could see the packets from Rx queue is fetched and pass= ed to encryption.

Is symmet= ric encryption , encrypting the entire packets or payload section?

&nbs= p;

Regards,<= o:p>

Bala

&nbs= p;

From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
Sent: 30 May 2022 17:52
To: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>; u= sers@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

For the Asym Cryptodev data to be enc= rypted it totally opaque -> it does not hold any information about data = provided by the user, except for the algorithm parameters of course. So for example for the RSA, data that “asym_op= ->rsa.message.data” points to, will be encrypted up to the size of= “asym_op->rsa.message.length” (provided size is in scope of= possible encryption sizes) regardless if it is TLS or IKE or anything else.

 

 

 

From: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>
Sent: Monday, May 30, 2022 1:59 PM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

    Thanks for y= our inputs.

I wrote the sample application = to encrypt the text from a file also decrypting the same.=

Now next step is to encrypt the= incoming packets.

I have one basic doubt. During = rte_cryptodev_enqueue_burst call with operation type as RTE_CRYPTO_ASYM_OP_= ENCRYPT.

For the incoming packet.

what is being encrypted ,Is it = entire packet or the payload(data section) ?

 

Regards,

Bala

 

From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
Sent: 25 May 2022 16:13
To: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Bala,

 

To fill the below struct do I need to extract Public= key exponent , Private key exponent etc.

[Arek] – yes, you need to= convert keys into big-endian unsigned integer.

In the file “test_cryptod= ev_rsa_test_vectors.h” there are few examples.

 

Regards,

Arek

 

 

From: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>
Sent: Wednesday, May 25, 2022 12:08 PM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

    I have public and private key wit= h me which can be used for encryption/decryption.

 

To fill the below struct do I need to extract Public= key exponent , Private key exponent etc.

The reason why I am asking is, in openssl for encryp= tion we will use key directly with the exposed API.

Example :

 

RSA_private_encrypt(strlen(msg), (unsigned char *)msg, encrypted, rsa, RSA= _PKCS1_PADDING);

 

Here in dpdk the rsa struct looks different .

 

Thanks in advance.

 

struct rte_crypto_rsa_xform {

rte_crypto_param n;

        /**< n= - Modulus

         * M= odulus data of RSA operation in Octet-string network

         * b= yte order format.

         */<= o:p>

 

        rte_crypt= o_param e;

        /**< e= - Public key exponent

         * P= ublic key exponent used for RSA public key operations in Octet-<= /p>

         * s= tring network byte order format.

         */<= o:p>

 

        enum rte_= crypto_rsa_priv_key_type key_type;

 

        __extensi= on__

        union {

        &nbs= p;       rte_crypto_param d;

        &nbs= p;       /**< d - Private key exponent

        &nbs= p;        * Private key exponent used fo= r RSA

        &nbs= p;        * private key operations in

        &nbs= p;        * Octet-string  network b= yte order format.

        &nbs= p;        */

 

        &nbs= p;       struct rte_crypto_rsa_priv_key_qt qt= ;

        &nbs= p;       /**< qt - Private key in quintupl= e format */

        };

};

 

 

Regards,

Bala

From: Balakrishnan K
Sent: 24 May 2022 17:42
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

  Thanks for the detailed = explanation.

 

Regards,

Bala

 

From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
Sent: 24 May 2022 14:44
To: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

I should use 
debug_hexdump(stdout, "encrypted message&quo=
t;, asym_op->rsa.cipher.data,
        &=
nbsp;           &nbs=
p; asym_op->rsa.cipher.length);
to check the encrypted message for the input give=
n?

 

Yes, currently it works this wa= y. The same way output for decryption will be placed in asym_op->rsa.mes= sage.data and input in asym_op->rsa.cipher.data.

More explanations can be found = in rte_crypto_asym.h file

https://doc.dpdk.org/api/structrte__crypto__rsa__op__param.html.=

 

From: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>
Sent: Tuesday, May 24, 2022 7:24 AM
To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

Hi Arek,

   Thanks for quick r= esponse.

I am using resulted output vect= or to verify the encrypted message.

I thought the encrypted data will be in the asym_op-&g=
t;rsa.message.data after rte_cryptodev_enqueue_burst and rte_cryptodev_enqu=
eue_burst call with operation type RTE_CRYPTO_ASYM_OP_ENCRYPT.
So ,I checked the hex_dump of asym_op->rsa.message.=
data.
 
Code snippet:
asym_op =3D result_op->asym;=

debug_hexdump(stdout, "encrypted message&quo=
t;, asym_op->rsa.message.data,
        &=
nbsp;           &nbs=
p; asym_op->rsa.message.length);
 
 
 
Enc=
rypted data will be placed in asym_op->rsa.c=
ipher.data after crypto operation is my understanding is correct ?
I should use 
debug_hexdump(stdout, "encrypted message&quo=
t;, asym_op->rsa.cipher.data,
        &=
nbsp;           &nbs=
p; asym_op->rsa.cipher.length);
to check the encrypted message for the input give=
n?
 
 
Regards,
Bala 
 

 

From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
Sent: 23 May 2022 18:15
To: Balakrishnan K <Balakrishnan.K1@tatacommunications.com>; users@dpdk.org
Subject: RE: how to use crypto openssl PMD for asymmetric encryption= and decryption

 

CAUTION: This email originated from outside of the organization. = Do not click links or open attachments unless you recognize the sender and know the content is safe. <= /p>

Hi Bala,

 

Ciphertext will be written into= asym_op->rsa.cipher.data (not message.data) by the PMD, here you are us= ing same address for both hex dumps.

Although there is a bug in debu= g_hexdump in this function which may cause this confusion.

 

Plus, the test you are referrin= g is PWCT test (Pairwise conditional test) -> it will encrypt, then decr= ypt.

Please take a look into this co= mment in queue_ops_rsa_enc_dec function:

/* Use the resulted output as d= ecryption Input vector*

So above this line there is an = encryption part.

Below is decryption.  = ;        

 

Regards,

Arek

 

From: Balakrishnan K <Balakrishnan.K1@tatacommunication= s.com>
Sent: Monday, May 23, 2022 1:33 PM
To: us= ers@dpdk.org
Subject: how to use crypto openssl PMD for asymmetric encryption and= decryption

 

Hi All,

   I am new to dpdk. = Planning to use openssl crypto PMD for encrypting/decrypting  the pack= ets.

Couldn’t find much docume= nts on openssl PMD for asymmetric encryption/decryption.

Any one please point me in the = right document.

 

I have tried to run the test ca= ses wrote for asymmetric crypto using openssl virtual PMD.

But the output of particular te= st case is same after the encryption done.

 

File : app/test/test_cryptodev_= asym.c

Test executable: ./app/test/dpd= k-test

Test case : test_rsa_enc_dec

    <= /span>

Input given to encryption:&n= bsp;            &nbs= p;

message at [0x1894e60], len=3D2= 0

00000000: F8 BA 1A 55 D0 2F 85 = AE 96 7B B6 2F B6 CD A8 EB | ...U./...{./....

00000010: 7E 78 A0 50 &nbs= p;            &= nbsp;           &nbs= p;          | ~x.P<= /span>

 

After processing the output = also looks like same :

encrypted message exist at [0x1= 894e60], len=3D20

00000000: F8 BA 1A 55 D0 2F 85 = AE 96 7B B6 2F B6 CD A8 EB | ...U./...{./....

00000010: 7E 78 A0 50

 

 

Regards,

Bala

--_000_PSAPR04MB5516840F8EEE3C241ACB3F77D6DC9PSAPR04MB5516apcp_--