[38/40] cryptodev: clarify usage of private key in dh

Message ID 20220520055445.40063-39-arkadiuszx.kusztal@intel.com (mailing list archive)
State Changes Requested, archived
Delegated to: akhil goyal
Series cryptodev: rsa, dh, ecdh changes

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Arkadiusz Kusztal May 20, 2022, 5:54 a.m. UTC
  - clarified usage of private key in Diffie-Hellman.
CSRNG capable device should generate private key and then
use it for public key generation.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 4 ++++
 1 file changed, 4 insertions(+)
  

Comments

Akhil Goyal May 24, 2022, 12:56 p.m. UTC | #1
> - clarified usage of private key in Diffie-Hellman.
> CSRNG capable device should generate private key and then
> use it for public key generation.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/cryptodev/rte_crypto_asym.h | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 01b1fdd074..a6bb70ca3f 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -459,6 +459,10 @@ struct rte_crypto_dh_op_param {
>  	 * Output generated private key when op_type is
>  	 * DH PRIVATE_KEY_GENERATION
>  	 * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> +	 * In case priv_key.length is 0 and op_type is set with
> +	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, CSRNG capable
> +	 * device will generate private key and use it for public
> +	 * key generation.

What is expected for the device which does not support this?
How will the application decide?

>  	 */
>  	union {
>  		rte_crypto_uint pub_key;
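Review bot: the added lines make priv_key.length == 0 the trigger for device-side key generation, so a zero-initialised or forgotten priv_key cannot be told apart from a deliberate request for a device-generated key. The comment should say that a zero length is the explicit way to request generation and what the caller must provide in priv_key in that case. The context line "DH PRIVATE_KEY_GENERATION" should also spell out the full op type name, as the lines around it do.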
> --
> 2.13.6
  
Arkadiusz Kusztal May 24, 2022, 2:30 p.m. UTC | #2
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, May 24, 2022 2:56 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH 38/40] cryptodev: clarify usage of private key in dh
> 
> > - clarified usage of private key in Diffie-Hellman.
> > CSRNG capable device should generate private key and then use it for
> > public key generation.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  lib/cryptodev/rte_crypto_asym.h | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index 01b1fdd074..a6bb70ca3f 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -459,6 +459,10 @@ struct rte_crypto_dh_op_param {
> >  	 * Output generated private key when op_type is
> >  	 * DH PRIVATE_KEY_GENERATION
> >  	 * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > +	 * In case priv_key.length is 0 and op_type is set with
> > +	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, CSRNG capable
> > +	 * device will generate private key and use it for public
> > +	 * key generation.
> 
> What is expected for the device which does not support this?
> How will the application decide?
[Arek] - it is a similar issue as in DSA/ECDSA 'k'. Either we will add some PMD flag to determine if the PMD is CSRNG capable, or it will be stated in the PMD .rst file. If the device does not support random, the packet will be rejected (sent to the response queue with NOT_PROCESSED). This comment should probably be added.
> 
> >  	 */
> >  	union {
> >  		rte_crypto_uint pub_key;
> > --
> > 2.13.6
  
Akhil Goyal May 25, 2022, 6:09 a.m. UTC | #3
> > > - clarified usage of private key in Diffie-Hellman.
> > > CSRNG capable device should generate private key and then use it for
> > > public key generation.
> > >
> > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > ---
> > >  lib/cryptodev/rte_crypto_asym.h | 4 ++++
> > >  1 file changed, 4 insertions(+)
> > >
> > > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > > b/lib/cryptodev/rte_crypto_asym.h index 01b1fdd074..a6bb70ca3f 100644
> > > --- a/lib/cryptodev/rte_crypto_asym.h
> > > +++ b/lib/cryptodev/rte_crypto_asym.h
> > > @@ -459,6 +459,10 @@ struct rte_crypto_dh_op_param {
> > >  	 * Output generated private key when op_type is
> > >  	 * DH PRIVATE_KEY_GENERATION
> > >  	 * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > > +	 * In case priv_key.length is 0 and op_type is set with
> > > +	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, CSRNG capable
> > > +	 * device will generate private key and use it for public
> > > +	 * key generation.
> >
> > What is expected for the device which does not support this?
> > How will the application decide?
> [Arek] - it is a similar issue as in DSA/ECDSA 'k'. Either we will add some PMD flag to
> determine if the PMD is CSRNG capable, or it will be stated in the PMD .rst file. If the device
> does not support random, the packet will be rejected (sent to the response queue with
> NOT_PROCESSED). This comment should probably be added.

I believe this can be covered in the capability patch that you are working on.
  
Arkadiusz Kusztal May 25, 2022, 6:37 a.m. UTC | #4
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, May 25, 2022 8:10 AM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH 38/40] cryptodev: clarify usage of private key in dh
> 
> > > > - clarified usage of private key in Diffie-Hellman.
> > > > CSRNG capable device should generate private key and then use it
> > > > for public key generation.
> > > >
> > > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > > ---
> > > >  lib/cryptodev/rte_crypto_asym.h | 4 ++++
> > > >  1 file changed, 4 insertions(+)
> > > >
> > > > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > > > b/lib/cryptodev/rte_crypto_asym.h index 01b1fdd074..a6bb70ca3f
> > > > 100644
> > > > --- a/lib/cryptodev/rte_crypto_asym.h
> > > > +++ b/lib/cryptodev/rte_crypto_asym.h
> > > > @@ -459,6 +459,10 @@ struct rte_crypto_dh_op_param {
> > > >  	 * Output generated private key when op_type is
> > > >  	 * DH PRIVATE_KEY_GENERATION
> > > >  	 * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > > > +	 * In case priv_key.length is 0 and op_type is set with
> > > > +	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, CSRNG capable
> > > > +	 * device will generate private key and use it for public
> > > > +	 * key generation.
> > >
> > > What is expected for the device which does not support this?
> > > How will the application decide?
> > [Arek] - it is a similar issue as in DSA/ECDSA 'k'. Either we will add some
> > PMD flag to determine if the PMD is CSRNG capable, or it will be stated in
> > the PMD .rst file. If the device does not support random, the packet will be
> > rejected (sent to the response queue with NOT_PROCESSED). This comment
> > should probably be added.
> 
> I believe this can be covered in the capability patch that you are working on.
+ 1
  

Patch

diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 01b1fdd074..a6bb70ca3f 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -459,6 +459,10 @@  struct rte_crypto_dh_op_param {
 	 * Output generated private key when op_type is
 	 * DH PRIVATE_KEY_GENERATION
 	 * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
+	 * In case priv_key.length is 0 and op_type is set with
+	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, CSRNG capable
+	 * device will generate private key and use it for public
+	 * key generation.
 	 */
 	union {
 		rte_crypto_uint pub_key;
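Review bot: the four added comment lines document only the CSRNG-capable case and leave the behaviour of a device without a CSRNG undefined when priv_key.length is 0 and op_type is RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE. The comment should state the outcome for such a device (the thread mentions rejection with NOT_PROCESSED) and how an application can determine support before enqueueing. It should also say whether the device-generated private key is written back to priv_key or never leaves the device, since the preceding lines describe priv_key as an output only for private key generation.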