[29/40] cryptodev: add salt length and optional label

Message ID	20220520055445.40063-30-arkadiuszx.kusztal@intel.com (mailing list archive)
State	Changes Requested
Delegated to:	akhil goyal
Headers	show Return-Path: <dev-bounces@dpdk.org> From: Arek Kusztal <arkadiuszx.kusztal@intel.com> To: dev@dpdk.org Cc: gakhil@marvell.com, anoobj@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal <arkadiuszx.kusztal@intel.com> Subject: [PATCH 29/40] cryptodev: add salt length and optional label Date: Fri, 20 May 2022 06:54:34 +0100 Message-Id: <20220520055445.40063-30-arkadiuszx.kusztal@intel.com> In-Reply-To: <20220520055445.40063-1-arkadiuszx.kusztal@intel.com> References: <20220520055445.40063-1-arkadiuszx.kusztal@intel.com> Precedence: list Errors-To: dev-bounces@dpdk.org
Series	cryptodev: rsa, dh, ecdh changes \| expand [00/40] cryptodev: rsa, dh, ecdh changes [01/40] cryptodev: redefine ec group enum [02/40] cryptodev: remove list end enumerators [03/40] test/crypto: remove list end enumerators [04/40] cryptodev: reduce number of comments in asym xform [05/40] test/crypto: removed asym xform none [06/40] cryptodev: separate key exchange operation enum [07/40] crypto/openssl: separate key exchange operation enum [08/40] test/crypto: separate key exchange operation enum [09/40] cryptodev: remove unnecessary zero assignement [10/40] cryptodev: remove comment about using ephemeral key in dsa [11/40] cryptodev: remove asym crypto next xform [12/40] crypto/openssl: remove asym crypto next xform [13/40] test/crypto: remove asym crypto next xform [14/40] app/test-crypto-perf: remove asym crypto next xform [15/40] app/test-eventdev: remove asym crypto next xform [16/40] cryptodev: move dh type from xform to dh op [17/40] crypto/openssl: move dh type from xform to dh op [18/40] test/crypto: move dh type from xform to dh op [19/40] cryptodev: changed order of dh fields [20/40] cryptodev: add elliptic curve diffie hellman [21/40] cryptodev: add public key verify option [22/40] cryptodev: move RSA padding into separate struct [23/40] crypto/qat: move RSA padding into separate struct [24/40] crypto/openssl: move RSA padding into separate struct [25/40] crypto/octeontx: move RSA padding into separate struct [26/40] crypto/cnxk: move RSA padding into separate struct [27/40] common/cpt: move RSA padding into separate struct [28/40] test/crypto: move RSA padding into separate struct [29/40] cryptodev: add salt length and optional label [30/40] cryptodev: reduce rsa struct to only necessary fields [31/40] crypto/qat: reduce rsa struct to only necessary fields [32/40] crypto/openssl: reduce rsa struct to only necessary fields [33/40] crypto/octeontx: reduce rsa struct to only necessary fields [34/40] crypto/cnxk: reduce rsa struct to only necessary fields [35/40] common/cpt: reduce rsa struct to only necessary fields [36/40] test/crypto: reduce rsa struct to only necessary fields [37/40] cryptodev: add asym op flags [38/40] cryptodev: clarify usage of private key in dh [39/40] crypto/openssl: generate dh private key [40/40] test/crypto: added test for dh priv key generation

Message ID

20220520055445.40063-30-arkadiuszx.kusztal@intel.com (mailing list archive)

State

Changes Requested

Delegated to:

akhil goyal

Headers

From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, anoobj@marvell.com, roy.fan.zhang@intel.com,
 Arek Kusztal <arkadiuszx.kusztal@intel.com>
Subject: [PATCH 29/40] cryptodev: add salt length and optional label
Date: Fri, 20 May 2022 06:54:34 +0100
Message-Id: <20220520055445.40063-30-arkadiuszx.kusztal@intel.com>
In-Reply-To: <20220520055445.40063-1-arkadiuszx.kusztal@intel.com>
References: <20220520055445.40063-1-arkadiuszx.kusztal@intel.com>
Precedence: list
Errors-To: dev-bounces@dpdk.org

Series

cryptodev: rsa, dh, ecdh changes | expand

Context	Check	Description
ci/checkpatch	success	coding style OK

Context

Check

Description

ci/checkpatch

success

coding style OK

Commit Message

Kusztal, ArkadiuszX May 20, 2022, 5:54 a.m. UTC

- added salt length and optional label.
Common parameters to PSS and OAEP padding for RSA.
- Fixed hash API in RSA padding.
Now it is specified how hash should be used with
particular RSA padding modes.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 44 +++++++++++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 6 deletions(-)

Comments

Akhil Goyal May 24, 2022, 12:30 p.m. UTC | #1

> - added salt length and optional label.
> Common parameters to PSS and OAEP padding for RSA.

Please add description about how it is expected to be used.

> - Fixed hash API in RSA padding.
> Now it is specified how hash should be used with
> particular RSA padding modes.

I believe this should be a separate patch. Right?
Patch title does not justify this

> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/cryptodev/rte_crypto_asym.h | 44
> +++++++++++++++++++++++++++++++++++------
>  1 file changed, 38 insertions(+), 6 deletions(-)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 97c3fbee38..c864b8a115 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -205,12 +205,29 @@ struct rte_crypto_rsa_priv_key_qt {
>   */
>  struct rte_crypto_rsa_padding {
>  	enum rte_crypto_rsa_padding_type type;
> -	/**< RSA padding scheme to be used for transform */
> -	enum rte_crypto_auth_algorithm md;

Any specific reason to change the field name?
I think this matches with the next field mgf1md

> -	/**< Hash algorithm to be used for data hash if padding
> -	 * scheme is either OAEP or PSS. Valid hash algorithms
> -	 * are:
> -	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> +	/**< Type of RSA padding */
> +	enum rte_crypto_auth_algorithm hash;
> +	/**<
> +	 * RSA padding hash function
> +	 *
> +	 * When a specific padding type is selected, the following rule apply:
> +	 * - RTE_CRYPTO_RSA_PADDING_NONE:
> +	 * This field is ignored by the PMD
> +	 *
> +	 * - RTE_CRYPTO_RSA_PADDING_PKCS1_5:
> +	 * When signing operation this field is used to determine value
> +	 * of the DigestInfo structure, therefore specifying which algorithm
> +	 * was used to create the message digest.
> +	 * When doing encryption/decryption this field is ignored for this
> +	 * padding type.
> +	 *
> +	 * - RTE_CRYPTO_RSA_PADDING_OAEP
> +	 * This field shall be set with the hash algorithm used
> +	 * in the padding scheme
> +	 *
> +	 * - RTE_CRYPTO_RSA_PADDING_PSS
> +	 * This field shall be set with the hash algorithm used
> +	 * in the padding scheme (and to create the input message digest)
>  	 */
>  	enum rte_crypto_auth_algorithm mgf1md;
>  	/**<
> @@ -220,6 +237,21 @@ struct rte_crypto_rsa_padding {
>  	 * for mask generation. Valid hash algorithms are:
>  	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
>  	 */
> +	uint16_t saltlen;
> +	/**<
> +	 * RSA PSS padding salt length
> +	 *
> +	 * Used only when RTE_CRYPTO_RSA_PADDING_PSS padding is
> selected,

Used only when RTE_CRYPTO_RSA_PADDING_PSS is selected,

> +	 * otherwise ignored.
> +	 */
> +	rte_crypto_param label;
> +	/**<
> +	 * RSA OAEP padding optional label
> +	 *
> +	 * Used only when RTE_CRYPTO_RSA_PADDING_OAEP padding is
> selected,

Drop the word padding.

BTW, can this be a union for label and saltlen?
Also can we name them as pss_saltlen and oaep_label?

> +	 * otherwise ignored. If label.data == NULL, a default
> +	 * label (empty string) is used.
> +	 */
>  };
> 
>  /**
> --
> 2.13.6

Kusztal, ArkadiuszX May 24, 2022, 3:14 p.m. UTC | #2

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, May 24, 2022 2:30 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH 29/40] cryptodev: add salt length and optional label
> 
> > - added salt length and optional label.
> > Common parameters to PSS and OAEP padding for RSA.
> 
> Please add description about how it is expected to be used.
> 
> > - Fixed hash API in RSA padding.
> > Now it is specified how hash should be used with particular RSA
> > padding modes.
> 
> I believe this should be a separate patch. Right?
[Arek] +1
> Patch title does not justify this
> 
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  lib/cryptodev/rte_crypto_asym.h | 44
> > +++++++++++++++++++++++++++++++++++------
> >  1 file changed, 38 insertions(+), 6 deletions(-)
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index 97c3fbee38..c864b8a115 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -205,12 +205,29 @@ struct rte_crypto_rsa_priv_key_qt {
> >   */
> >  struct rte_crypto_rsa_padding {
> >  	enum rte_crypto_rsa_padding_type type;
> > -	/**< RSA padding scheme to be used for transform */
> > -	enum rte_crypto_auth_algorithm md;
> 
> Any specific reason to change the field name?
> I think this matches with the next field mgf1md
[Arek] - now it aligns with RSA RFC. Both current names comes from the OpenSSL EVP_MD naming, in my rfc initially mgf1md was changed too into:
+enum rte_crypto_mgf {
+	RTE_CRYPTO_MGF_DEFAULT,
+	/**< Default mask generation function */
+	RTE_CRYPTO_MGF_MGF1_SHA1,
+	/**< MGF1 function with SHA1 hash algorithm */
But we do not need to be that conformant with the standard I think, so I have left it out.
As for names it may be 'md' as well, every name is ok if is not excessively long.

> 
> > -	/**< Hash algorithm to be used for data hash if padding
> > -	 * scheme is either OAEP or PSS. Valid hash algorithms
> > -	 * are:
> > -	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> > +	/**< Type of RSA padding */
> > +	enum rte_crypto_auth_algorithm hash;
> > +	/**<
> > +	 * RSA padding hash function
> > +	 *
> > +	 * When a specific padding type is selected, the following rule apply:
> > +	 * - RTE_CRYPTO_RSA_PADDING_NONE:
> > +	 * This field is ignored by the PMD
> > +	 *
> > +	 * - RTE_CRYPTO_RSA_PADDING_PKCS1_5:
> > +	 * When signing operation this field is used to determine value
> > +	 * of the DigestInfo structure, therefore specifying which algorithm
> > +	 * was used to create the message digest.
> > +	 * When doing encryption/decryption this field is ignored for this
> > +	 * padding type.
> > +	 *
> > +	 * - RTE_CRYPTO_RSA_PADDING_OAEP
> > +	 * This field shall be set with the hash algorithm used
> > +	 * in the padding scheme
> > +	 *
> > +	 * - RTE_CRYPTO_RSA_PADDING_PSS
> > +	 * This field shall be set with the hash algorithm used
> > +	 * in the padding scheme (and to create the input message digest)
> >  	 */
> >  	enum rte_crypto_auth_algorithm mgf1md;
> >  	/**<
> > @@ -220,6 +237,21 @@ struct rte_crypto_rsa_padding {
> >  	 * for mask generation. Valid hash algorithms are:
> >  	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> >  	 */
> > +	uint16_t saltlen;
> > +	/**<
> > +	 * RSA PSS padding salt length
> > +	 *
> > +	 * Used only when RTE_CRYPTO_RSA_PADDING_PSS padding is
> > selected,
> 
> Used only when RTE_CRYPTO_RSA_PADDING_PSS is selected,
> 
> > +	 * otherwise ignored.
> > +	 */
> > +	rte_crypto_param label;
> > +	/**<
> > +	 * RSA OAEP padding optional label
> > +	 *
> > +	 * Used only when RTE_CRYPTO_RSA_PADDING_OAEP padding is
> > selected,
> 
> Drop the word padding.
> 
> BTW, can this be a union for label and saltlen?
Yes, will do.
> Also can we name them as pss_saltlen and oaep_label?
Yes, though I am not entirely convinced. These names are unique anyway.
> 
> > +	 * otherwise ignored. If label.data == NULL, a default
> > +	 * label (empty string) is used.
> > +	 */
> >  };
> >
> >  /**
> > --
> > 2.13.6

Akhil Goyal May 25, 2022, 5:57 a.m. UTC | #3

> > > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > > b/lib/cryptodev/rte_crypto_asym.h index 97c3fbee38..c864b8a115 100644
> > > --- a/lib/cryptodev/rte_crypto_asym.h
> > > +++ b/lib/cryptodev/rte_crypto_asym.h
> > > @@ -205,12 +205,29 @@ struct rte_crypto_rsa_priv_key_qt {
> > >   */
> > >  struct rte_crypto_rsa_padding {
> > >  	enum rte_crypto_rsa_padding_type type;
> > > -	/**< RSA padding scheme to be used for transform */
> > > -	enum rte_crypto_auth_algorithm md;
> >
> > Any specific reason to change the field name?
> > I think this matches with the next field mgf1md
> [Arek] - now it aligns with RSA RFC. Both current names comes from the
> OpenSSL EVP_MD naming, in my rfc initially mgf1md was changed too into:
> +enum rte_crypto_mgf {
> +	RTE_CRYPTO_MGF_DEFAULT,
> +	/**< Default mask generation function */
> +	RTE_CRYPTO_MGF_MGF1_SHA1,
> +	/**< MGF1 function with SHA1 hash algorithm */
> But we do not need to be that conformant with the standard I think, so I have
> left it out.
> As for names it may be 'md' as well, every name is ok if is not excessively long.
> 
No strong opinion, you can keep any of them.

> >
> > > -	/**< Hash algorithm to be used for data hash if padding
> > > -	 * scheme is either OAEP or PSS. Valid hash algorithms
> > > -	 * are:
> > > -	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> > > +	/**< Type of RSA padding */
> > > +	enum rte_crypto_auth_algorithm hash;
> > > +	/**<
> > > +	 * RSA padding hash function
> > > +	 *
> > > +	 * When a specific padding type is selected, the following rule apply:
> > > +	 * - RTE_CRYPTO_RSA_PADDING_NONE:
> > > +	 * This field is ignored by the PMD
> > > +	 *
> > > +	 * - RTE_CRYPTO_RSA_PADDING_PKCS1_5:
> > > +	 * When signing operation this field is used to determine value
> > > +	 * of the DigestInfo structure, therefore specifying which algorithm
> > > +	 * was used to create the message digest.
> > > +	 * When doing encryption/decryption this field is ignored for this
> > > +	 * padding type.
> > > +	 *
> > > +	 * - RTE_CRYPTO_RSA_PADDING_OAEP
> > > +	 * This field shall be set with the hash algorithm used
> > > +	 * in the padding scheme
> > > +	 *
> > > +	 * - RTE_CRYPTO_RSA_PADDING_PSS
> > > +	 * This field shall be set with the hash algorithm used
> > > +	 * in the padding scheme (and to create the input message digest)
> > >  	 */
> > >  	enum rte_crypto_auth_algorithm mgf1md;
> > >  	/**<
> > > @@ -220,6 +237,21 @@ struct rte_crypto_rsa_padding {
> > >  	 * for mask generation. Valid hash algorithms are:
> > >  	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> > >  	 */
> > > +	uint16_t saltlen;
> > > +	/**<
> > > +	 * RSA PSS padding salt length
> > > +	 *
> > > +	 * Used only when RTE_CRYPTO_RSA_PADDING_PSS padding is
> > > selected,
> >
> > Used only when RTE_CRYPTO_RSA_PADDING_PSS is selected,
> >
> > > +	 * otherwise ignored.
> > > +	 */
> > > +	rte_crypto_param label;
> > > +	/**<
> > > +	 * RSA OAEP padding optional label
> > > +	 *
> > > +	 * Used only when RTE_CRYPTO_RSA_PADDING_OAEP padding is
> > > selected,
> >
> > Drop the word padding.
> >
> > BTW, can this be a union for label and saltlen?
> Yes, will do.
> > Also can we name them as pss_saltlen and oaep_label?
> Yes, though I am not entirely convinced. These names are unique anyway.
I believe it will improve readability.

> >
> > > +	 * otherwise ignored. If label.data == NULL, a default
> > > +	 * label (empty string) is used.
> > > +	 */
> > >  };
> > >
> > >  /**
> > > --
> > > 2.13.6

diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 97c3fbee38..c864b8a115 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -205,12 +205,29 @@  struct rte_crypto_rsa_priv_key_qt {
  */
 struct rte_crypto_rsa_padding {
 	enum rte_crypto_rsa_padding_type type;
-	/**< RSA padding scheme to be used for transform */
-	enum rte_crypto_auth_algorithm md;
-	/**< Hash algorithm to be used for data hash if padding
-	 * scheme is either OAEP or PSS. Valid hash algorithms
-	 * are:
-	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+	/**< Type of RSA padding */
+	enum rte_crypto_auth_algorithm hash;
+	/**<
+	 * RSA padding hash function
+	 *
+	 * When a specific padding type is selected, the following rule apply:
+	 * - RTE_CRYPTO_RSA_PADDING_NONE:
+	 * This field is ignored by the PMD
+	 *
+	 * - RTE_CRYPTO_RSA_PADDING_PKCS1_5:
+	 * When signing operation this field is used to determine value
+	 * of the DigestInfo structure, therefore specifying which algorithm
+	 * was used to create the message digest.
+	 * When doing encryption/decryption this field is ignored for this
+	 * padding type.
+	 *
+	 * - RTE_CRYPTO_RSA_PADDING_OAEP
+	 * This field shall be set with the hash algorithm used
+	 * in the padding scheme
+	 *
+	 * - RTE_CRYPTO_RSA_PADDING_PSS
+	 * This field shall be set with the hash algorithm used
+	 * in the padding scheme (and to create the input message digest)
 	 */
 	enum rte_crypto_auth_algorithm mgf1md;
 	/**<
@@ -220,6 +237,21 @@  struct rte_crypto_rsa_padding {
 	 * for mask generation. Valid hash algorithms are:
 	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
 	 */
+	uint16_t saltlen;
+	/**<
+	 * RSA PSS padding salt length
+	 *
+	 * Used only when RTE_CRYPTO_RSA_PADDING_PSS padding is selected,
+	 * otherwise ignored.
+	 */
+	rte_crypto_param label;
+	/**<
+	 * RSA OAEP padding optional label
+	 *
+	 * Used only when RTE_CRYPTO_RSA_PADDING_OAEP padding is selected,
+	 * otherwise ignored. If label.data == NULL, a default
+	 * label (empty string) is used.
+	 */
 };
 
 /**

[29/40] cryptodev: add salt length and optional label

Checks

Commit Message

Comments

Patch