[EXT] [PATCH 30/40] cryptodev: reduce rsa struct to only necessary fields

Kusztal, ArkadiuszX arkadiuszx.kusztal at intel.com
Tue May 24 17:33:52 CEST 2022

Previous message (by thread): [EXT] [PATCH 30/40] cryptodev: reduce rsa struct to only necessary fields
Next message (by thread): [EXT] [PATCH 30/40] cryptodev: reduce rsa struct to only necessary fields
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


> -----Original Message-----
> From: Akhil Goyal <gakhil at marvell.com>
> Sent: Tuesday, May 24, 2022 2:53 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal at intel.com>; dev at dpdk.org
> Cc: Anoob Joseph <anoobj at marvell.com>; Zhang, Roy Fan
> <roy.fan.zhang at intel.com>
> Subject: RE: [EXT] [PATCH 30/40] cryptodev: reduce rsa struct to only necessary
> fields
> 
> > - reduced rsa struct to only necessary fields.
> > RSA operation is generally used with one input and one output.
> > One exception for this is signature verification, when RSA verify
> > called, both message and signature are inputs, but there is no rsa
> > output except for op status.
> 
> I am not sure if this is the correct renaming of fields.
> 
> You are changing the name of message -> input and Cipher and sign ->
> output/message union. Right?
> 
> I believe this would impact the existing applications and Would create confusion
> as the message was used for input and now it is In union with output.
[Arek] - Yes, this will impact current apps. And yes, message may be confusing.
But main question, is there consensus for the Input - Output approach in RSA? If not I will drop it from v2.
If so, in case SIGNATURE_VERIFY and PADDING_NONE decrypted signature should be placed in message or cipher with no further PMD involvement.

> 
> The logic listed here is looking very complex.
> Please simplify it. Can you try adding comments in the description of struct
> Instead of individual fields.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal at intel.com>
> > ---
> >  lib/cryptodev/rte_crypto_asym.h | 87
> > +++++++++++++++++++++++----------------
> > --
> >  1 file changed, 50 insertions(+), 37 deletions(-)
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index c864b8a115..37dd3b9d86 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -362,53 +362,66 @@ struct rte_crypto_rsa_op_param {
> >  	enum rte_crypto_asym_op_type op_type;
> >  	/**< Type of RSA operation for transform */
> >
> > -	rte_crypto_param message;
> > +	rte_crypto_param input;
> >  	/**<
> > -	 * Pointer to input data
> > -	 * - to be encrypted for RSA public encrypt.
> > -	 * - to be signed for RSA sign generation.
> > -	 * - to be authenticated for RSA sign verification.
> > +	 * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > +	 * input should only be used along with cryptographically
> > +	 * secure padding scheme.
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5
> > +	 * input shall be no longer than public modulus minus 11.
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_OAEP
> > +	 * input shall be no longer than public modulus -
> > +	 * 2 * len(hash) - 2.
> > +	 * When op_type == RTE_CRYPTO_ASYM_OP_SIGN:
> >  	 *
> > -	 * Pointer to output data
> > -	 * - for RSA private decrypt.
> > -	 * In this case the underlying array should have been
> > -	 * allocated with enough memory to hold plaintext output
> > -	 * (i.e. must be at least RSA key size). The message.length
> > -	 * field should be 0 and will be overwritten by the PMD
> > -	 * with the decrypted length.
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > +	 * input should only be used along with cryptographically
> > +	 * secure padding scheme.	 *
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
> > +	 * RTE_CRYPTO_RSA_PADDING_PSS
> > +	 * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
> > +	 * the message to be signed, if this flag is not set,
> > +	 * input shall contain the digest of the message to be signed.
> 
> Does it mean if padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
> RTE_CRYPTO_RSA_PADDING_PSS  and if RTE_CRYPTO_RSA_FLAG_PT flag is set
[Arek] - this one will be out, no one probably will come asking for this functionality anyway.
> 
> >  	 *
> > -	 * All data is in Octet-string network byte order format.
> > -	 */
> > -
> > -	rte_crypto_param cipher;
> > -	/**<
> > -	 * Pointer to input data
> > -	 * - to be decrypted for RSA private decrypt.
> > +	 * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
> >  	 *
> > -	 * Pointer to output data
> > -	 * - for RSA public encrypt.
> > -	 * In this case the underlying array should have been allocated
> > -	 * with enough memory to hold ciphertext output (i.e. must be
> > -	 * at least RSA key size). The cipher.length field should
> > -	 * be 0 and will be overwritten by the PMD with the encrypted length.
> > +	 * Input shall contain previously encrypted RSA message.
> >  	 *
> > -	 * All data is in Octet-string network byte order format.
> > +	 * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> > +	 *
> > +	 * Input shall contain signature to be verified
> >  	 */
> > -
> > -	rte_crypto_param sign;
> > +	union {
> > +		rte_crypto_param output;
> > +		rte_crypto_param message;
> > +	};
> >  	/**<
> > -	 * Pointer to input data
> > -	 * - to be verified for RSA public decrypt.
> > +	 * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
> > +	 *
> > +	 * Output shall contain encrypted data, output.length shall
> > +	 * be set to the length of encrypted data.
> > +	 *
> > +	 * When op_type ==
> > RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN:
> >  	 *
> > -	 * Pointer to output data
> > -	 * - for RSA private encrypt.
> > -	 * In this case the underlying array should have been allocated
> > -	 * with enough memory to hold signature output (i.e. must be
> > -	 * at least RSA key size). The sign.length field should
> > -	 * be 0 and will be overwritten by the PMD with the signature length.
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > +	 * output shall contain decrypted/signed data, but all leading zeros
> > +	 * shall be preserved. Therefore output.length should be
> > +	 * equal to the length of the modulus..
> > +	 * For other types of padding, output should contain
> > +	 * decrypted data, and output.length shall be set to the length
> > +	 * of decrypted data.
> >  	 *
> > -	 * All data is in Octet-string network byte order format.
> > +	 * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> > +	 *
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > +	 * output shall contain the public key decrypted signature.
> > +	 * All leading zeroes shall be preserved.
> > +	 *
> > +	 * For other padding types, the message should be set with data for the
> > +	 * signature to be compared with.
> >  	 */
> > +
> >  	struct rte_crypto_rsa_padding padding;
> >  	/**< RSA padding information */
> >
> > --
> > 2.13.6

Previous message (by thread): [EXT] [PATCH 30/40] cryptodev: reduce rsa struct to only necessary fields
Next message (by thread): [EXT] [PATCH 30/40] cryptodev: reduce rsa struct to only necessary fields
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list