Message ID | 20220427074400.2091-1-arkadiuszx.kusztal@intel.com (mailing list archive) |
---|---|
Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4F623A050F; Wed, 27 Apr 2022 09:44:11 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 005D840E78; Wed, 27 Apr 2022 09:44:11 +0200 (CEST) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mails.dpdk.org (Postfix) with ESMTP id C2E6440691 for <dev@dpdk.org>; Wed, 27 Apr 2022 09:44:09 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1651045449; x=1682581449; h=from:to:cc:subject:date:message-id; bh=VOsBpP52wQecXK36qwj+g0g3ya3t5GUXkxuMogJsIok=; b=S0LFZJX+qBLTmBYlCGsMCu9xJLkY/p6d6fHdaRhzl0qtQXVr0pJoDPek +Cf973EpT5zF9t2ddMr+mi/lC1ntUg9IzQHZQApMfhfFTPGYXny9jcvAu DSDN8MNEOCTpmL+h1bSbzsCJlhj95mHuAgXwrfeVCv38qyhn97KrbbTBk it2ZLGXo/0I8JEcjFQx9WkNEu6vaFEQKvsXudlAQv0TkCNdzPrzJplRrD Snhp+5W/N3Bp7N7TE/RPzlD7k9YgkLwNQC1YYLy2/rUJeRw39xF2XUPLc ygVm5PnGve9eNRcxMF1HnZk2aVwOHBnk7k1X/2oFpNd0IbRlVZXttHgG7 Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10329"; a="246414392" X-IronPort-AV: E=Sophos;i="5.90,292,1643702400"; d="scan'208";a="246414392" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Apr 2022 00:44:08 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,292,1643702400"; d="scan'208";a="513562085" Received: from silpixa00400308.ir.intel.com ([10.237.214.95]) by orsmga003.jf.intel.com with ESMTP; 27 Apr 2022 00:44:07 -0700 From: Arek Kusztal <arkadiuszx.kusztal@intel.com> To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal <arkadiuszx.kusztal@intel.com> Subject: [PATCH v4 0/3] cryptodev: move dh type from xform to dh op Date: Wed, 27 Apr 2022 08:43:57 +0100 Message-Id: <20220427074400.2091-1-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.17.1 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions <dev.dpdk.org> List-Unsubscribe: <https://mails.dpdk.org/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://mails.dpdk.org/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <https://mails.dpdk.org/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org |
Series |
cryptodev: move dh type from xform to dh op
|
|
Message
Arkadiusz Kusztal
April 27, 2022, 7:43 a.m. UTC
Operation type (PUBLIC_KEY_GENERATION, SHARED_SECRET) should be free to choose for any operation. One xform/session should be enough to perform both DH operations, if op_type would be xform member, session would have to be to be created twice for the same group. Similar problem would be observed in sessionless case. Additionally, it will help extend DH to support Elliptic Curves. v4: - changed op_type coment - added openssl fix Arek Kusztal (3): cryptodev: move dh type from xform to dh op crypto/openssl: move dh type from xform to dh op test/crypto: move dh type from xform to dh op app/test/test_cryptodev_asym.c | 11 +++--- drivers/crypto/openssl/rte_openssl_pmd.c | 54 ++-------------------------- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 26 -------------- lib/cryptodev/rte_crypto_asym.h | 14 ++++---- 4 files changed, 16 insertions(+), 89 deletions(-)
Comments
> -----Original Message----- > From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com> > Sent: Wednesday, April 27, 2022 8:44 AM > To: dev@dpdk.org > Cc: gakhil@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>; Kusztal, > ArkadiuszX <arkadiuszx.kusztal@intel.com> > Subject: [PATCH v4 0/3] cryptodev: move dh type from xform to dh op > > Operation type (PUBLIC_KEY_GENERATION, SHARED_SECRET) should > be free to choose for any operation. One xform/session should > be enough to perform both DH operations, if op_type would be xform > member, session would have to be to be created twice for the same > group. Similar problem would be observed in sessionless case. > Additionally, it will help extend DH to support Elliptic Curves. > > v4: > - changed op_type coment > - added openssl fix > > Arek Kusztal (3): > cryptodev: move dh type from xform to dh op > crypto/openssl: move dh type from xform to dh op > test/crypto: move dh type from xform to dh op > > app/test/test_cryptodev_asym.c | 11 +++--- > drivers/crypto/openssl/rte_openssl_pmd.c | 54 ++-------------------------- > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 26 -------------- > lib/cryptodev/rte_crypto_asym.h | 14 ++++---- > 4 files changed, 16 insertions(+), 89 deletions(-) > > -- > 2.13.6 Series-acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Hi Arek, > Operation type (PUBLIC_KEY_GENERATION, SHARED_SECRET) should > be free to choose for any operation. One xform/session should > be enough to perform both DH operations, if op_type would be xform > member, session would have to be to be created twice for the same > group. Similar problem would be observed in sessionless case. > Additionally, it will help extend DH to support Elliptic Curves. > rte_crypto_asym_op_type is moved to rte_crypto_dh_op_param. But why not move to rte_crypto_asym_op? I see that in other ops also, Op_type is there, we can move that out. Right? Also, I see one more potential issue. There is a union of various ops in rte_crypto_asym_op, but how will User identify which one to use. There should be a union to identify which Struct to choose from. > v4: > - changed op_type coment > - added openssl fix > > Arek Kusztal (3): > cryptodev: move dh type from xform to dh op > crypto/openssl: move dh type from xform to dh op > test/crypto: move dh type from xform to dh op > > app/test/test_cryptodev_asym.c | 11 +++--- > drivers/crypto/openssl/rte_openssl_pmd.c | 54 ++-------------------------- > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 26 -------------- > lib/cryptodev/rte_crypto_asym.h | 14 ++++---- > 4 files changed, 16 insertions(+), 89 deletions(-) > > -- > 2.13.6
> -----Original Message----- > From: Akhil Goyal <gakhil@marvell.com> > Sent: Wednesday, April 27, 2022 5:58 PM > To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com> > Subject: RE: [EXT] [PATCH v4 0/3] cryptodev: move dh type from xform to dh op > > Hi Arek, > > Operation type (PUBLIC_KEY_GENERATION, SHARED_SECRET) should be free > > to choose for any operation. One xform/session should be enough to > > perform both DH operations, if op_type would be xform member, session > > would have to be to be created twice for the same group. Similar > > problem would be observed in sessionless case. > > Additionally, it will help extend DH to support Elliptic Curves. > > > rte_crypto_asym_op_type is moved to rte_crypto_dh_op_param. > But why not move to rte_crypto_asym_op? I see that in other ops also, Op_type > is there, we can move that out. Right? > Yes, we could. Although some of the operations do not use op type (POINT_MULT, MODEX) so we would have to extend asym_op_type to contain RTE_CRYPTO_ASYM_OP_DEFAULT /**< Default operation */. Another proposal was to split op type to: CRYPTO and KEY_EXCHANGE_OP like I described in here: https://patchwork.dpdk.org/project/dpdk/patch/20220407134248.20178-1-arkadiuszx.kusztal@intel.com/ then op stays in algorithm_op. > Also, I see one more potential issue. > There is a union of various ops in rte_crypto_asym_op, but how will User > identify which one to use. There should be a union to identify which Struct to > choose from. Could you show how this union would look like? Normally PMD will reject operations that are incorrectly setup, for example DH_op + ECDSA_xform or incorrect op type like ENCRYPT. > > > > v4: > > - changed op_type coment > > - added openssl fix > > > > Arek Kusztal (3): > > cryptodev: move dh type from xform to dh op > > crypto/openssl: move dh type from xform to dh op > > test/crypto: move dh type from xform to dh op > > > > app/test/test_cryptodev_asym.c | 11 +++--- > > drivers/crypto/openssl/rte_openssl_pmd.c | 54 ++-------------------------- > > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 26 -------------- > > lib/cryptodev/rte_crypto_asym.h | 14 ++++---- > > 4 files changed, 16 insertions(+), 89 deletions(-) > > > > -- > > 2.13.6
Hi Akhil, > -----Original Message----- > From: Kusztal, ArkadiuszX > Sent: Friday, April 29, 2022 8:26 AM > To: Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com> > Subject: RE: [EXT] [PATCH v4 0/3] cryptodev: move dh type from xform to dh op > > > > > -----Original Message----- > > From: Akhil Goyal <gakhil@marvell.com> > > Sent: Wednesday, April 27, 2022 5:58 PM > > To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org > > Cc: Zhang, Roy Fan <roy.fan.zhang@intel.com> > > Subject: RE: [EXT] [PATCH v4 0/3] cryptodev: move dh type from xform > > to dh op > > > > Hi Arek, > > > Operation type (PUBLIC_KEY_GENERATION, SHARED_SECRET) should be free > > > to choose for any operation. One xform/session should be enough to > > > perform both DH operations, if op_type would be xform member, > > > session would have to be to be created twice for the same group. > > > Similar problem would be observed in sessionless case. > > > Additionally, it will help extend DH to support Elliptic Curves. > > > > > rte_crypto_asym_op_type is moved to rte_crypto_dh_op_param. > > But why not move to rte_crypto_asym_op? I see that in other ops also, > > Op_type is there, we can move that out. Right? > > > Yes, we could. Although some of the operations do not use op type > (POINT_MULT, MODEX) so we would have to extend asym_op_type to contain > RTE_CRYPTO_ASYM_OP_DEFAULT /**< Default operation */. > Another proposal was to split op type to: > CRYPTO and KEY_EXCHANGE_OP > like I described in here: > https://patchwork.dpdk.org/project/dpdk/patch/20220407134248.20178-1- > arkadiuszx.kusztal@intel.com/ > then op stays in algorithm_op. If op_type will eventually be placed in op_param or in asym_op can be changed later, as it is of less importance. I would say first we need to decide if we are going to extend this Diffie Hellman struct to support Elliptic Curves (for Montgomery/Edwards there will be another extension, but it is fine, would be in union). So in this case op_type should not be in xform as: - DH op will be used with EC xform. - We would have to create separate sessions for single group. Then we can add 'point verification' to this or, have separate API structs for all these but then DH would be redundant. > > > Also, I see one more potential issue. > > There is a union of various ops in rte_crypto_asym_op, but how will > > User identify which one to use. There should be a union to identify > > which Struct to choose from. > Could you show how this union would look like? > Normally PMD will reject operations that are incorrectly setup, for example > DH_op + ECDSA_xform or incorrect op type like ENCRYPT. > > > > > > > > v4: > > > - changed op_type coment > > > - added openssl fix > > > > > > Arek Kusztal (3): > > > cryptodev: move dh type from xform to dh op > > > crypto/openssl: move dh type from xform to dh op > > > test/crypto: move dh type from xform to dh op > > > > > > app/test/test_cryptodev_asym.c | 11 +++--- > > > drivers/crypto/openssl/rte_openssl_pmd.c | 54 ++-------------------------- > > > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 26 -------------- > > > lib/cryptodev/rte_crypto_asym.h | 14 ++++---- > > > 4 files changed, 16 insertions(+), 89 deletions(-) > > > > > > -- > > > 2.13.6
Series-acked-by: Kai Ji <kai.ji@intel.com> > -----Original Message----- > From: Arek Kusztal <arkadiuszx.kusztal@intel.com> > Sent: Wednesday, April 27, 2022 8:44 AM > To: dev@dpdk.org > Cc: gakhil@marvell.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>; Kusztal, > ArkadiuszX <arkadiuszx.kusztal@intel.com> > Subject: [PATCH v4 0/3] cryptodev: move dh type from xform to dh op > > Operation type (PUBLIC_KEY_GENERATION, SHARED_SECRET) should be free to > choose for any operation. One xform/session should be enough to perform both > DH operations, if op_type would be xform member, session would have to be to > be created twice for the same group. Similar problem would be observed in > sessionless case. > Additionally, it will help extend DH to support Elliptic Curves. > > v4: > - changed op_type coment > - added openssl fix > > Arek Kusztal (3): > cryptodev: move dh type from xform to dh op > crypto/openssl: move dh type from xform to dh op > test/crypto: move dh type from xform to dh op > > app/test/test_cryptodev_asym.c | 11 +++--- > drivers/crypto/openssl/rte_openssl_pmd.c | 54 ++-------------------------- > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 26 -------------- > lib/cryptodev/rte_crypto_asym.h | 14 ++++---- > 4 files changed, 16 insertions(+), 89 deletions(-) > > -- > 2.13.6