diff mbox series

[38/40] cryptodev: clarify usage of private key in dh

Message ID 20220520055445.40063-39-arkadiuszx.kusztal@intel.com (mailing list archive)
State Changes Requested
Delegated to: akhil goyal
Headers show
Series cryptodev: rsa, dh, ecdh changes | expand

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Kusztal, ArkadiuszX May 20, 2022, 5:54 a.m. UTC
- clarified usage of private key in Diffie-Hellman.
CSRNG capable device should generate private key and then
use it for public key generation.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Akhil Goyal May 24, 2022, 12:56 p.m. UTC | #1
> - clarified usage of private key in Diffie-Hellman.
> CSRNG capable device should generate private key and then
> use it for public key generation.
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/cryptodev/rte_crypto_asym.h | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index 01b1fdd074..a6bb70ca3f 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -459,6 +459,10 @@ struct rte_crypto_dh_op_param {
>  	 * Output generated private key when op_type is
>  	 * DH PRIVATE_KEY_GENERATION
>  	 * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> +	 * In case priv_key.length is 0 and op_type is set with
> +	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, CSRNG capable
> +	 * device will generate private key and use it for public
> +	 * key generation.

What is expected for the device which does not support this?
How will the application decide?

>  	 */
>  	union {
>  		rte_crypto_uint pub_key;
> --
> 2.13.6
Kusztal, ArkadiuszX May 24, 2022, 2:30 p.m. UTC | #2
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, May 24, 2022 2:56 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH 38/40] cryptodev: clarify usage of private key in dh
> 
> > - clarified usage of private key in Diffie-Hellman.
> > CSRNG capable device should generate private key and then use it for
> > public key generation.
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  lib/cryptodev/rte_crypto_asym.h | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index 01b1fdd074..a6bb70ca3f 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -459,6 +459,10 @@ struct rte_crypto_dh_op_param {
> >  	 * Output generated private key when op_type is
> >  	 * DH PRIVATE_KEY_GENERATION
> >  	 * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > +	 * In case priv_key.length is 0 and op_type is set with
> > +	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, CSRNG capable
> > +	 * device will generate private key and use it for public
> > +	 * key generation.
> 
> What is expected for the device which does not support this?
> How will the application decide?
[Arek] - it is similar issue as in DSA/ECDSA 'k'. Or we will add some PMD flag to determine if PMD is CSRNG capable or it will be stated in PMD .rst file. If device does not support random, packet will be rejected (send to response queue with NOT_PROCESSED). This comment should probably be added.
> 
> >  	 */
> >  	union {
> >  		rte_crypto_uint pub_key;
> > --
> > 2.13.6
Akhil Goyal May 25, 2022, 6:09 a.m. UTC | #3
> > > - clarified usage of private key in Diffie-Hellman.
> > > CSRNG capable device should generate private key and then use it for
> > > public key generation.
> > >
> > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > ---
> > >  lib/cryptodev/rte_crypto_asym.h | 4 ++++
> > >  1 file changed, 4 insertions(+)
> > >
> > > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > > b/lib/cryptodev/rte_crypto_asym.h index 01b1fdd074..a6bb70ca3f 100644
> > > --- a/lib/cryptodev/rte_crypto_asym.h
> > > +++ b/lib/cryptodev/rte_crypto_asym.h
> > > @@ -459,6 +459,10 @@ struct rte_crypto_dh_op_param {
> > >  	 * Output generated private key when op_type is
> > >  	 * DH PRIVATE_KEY_GENERATION
> > >  	 * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > > +	 * In case priv_key.length is 0 and op_type is set with
> > > +	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, CSRNG capable
> > > +	 * device will generate private key and use it for public
> > > +	 * key generation.
> >
> > What is expected for the device which does not support this?
> > How will the application decide?
> [Arek] - it is similar issue as in DSA/ECDSA 'k'. Or we will add some PMD flag to
> determine if PMD is CSRNG capable or it will be stated in PMD .rst file. If device
> does not support random, packet will be rejected (send to response queue with
> NOT_PROCESSED). This comment should probably be added.

I believe this can be covered in the capability patch that you are working on.
Kusztal, ArkadiuszX May 25, 2022, 6:37 a.m. UTC | #4
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, May 25, 2022 8:10 AM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH 38/40] cryptodev: clarify usage of private key in dh
> 
> > > > - clarified usage of private key in Diffie-Hellman.
> > > > CSRNG capable device should generate private key and then use it
> > > > for public key generation.
> > > >
> > > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > > ---
> > > >  lib/cryptodev/rte_crypto_asym.h | 4 ++++
> > > >  1 file changed, 4 insertions(+)
> > > >
> > > > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > > > b/lib/cryptodev/rte_crypto_asym.h index 01b1fdd074..a6bb70ca3f
> > > > 100644
> > > > --- a/lib/cryptodev/rte_crypto_asym.h
> > > > +++ b/lib/cryptodev/rte_crypto_asym.h
> > > > @@ -459,6 +459,10 @@ struct rte_crypto_dh_op_param {
> > > >  	 * Output generated private key when op_type is
> > > >  	 * DH PRIVATE_KEY_GENERATION
> > > >  	 * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
> > > > +	 * In case priv_key.length is 0 and op_type is set with
> > > > +	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, CSRNG capable
> > > > +	 * device will generate private key and use it for public
> > > > +	 * key generation.
> > >
> > > What is expected for the device which does not support this?
> > > How will the application decide?
> > [Arek] - it is similar issue as in DSA/ECDSA 'k'. Or we will add some
> > PMD flag to determine if PMD is CSRNG capable or it will be stated in
> > PMD .rst file. If device does not support random, packet will be
> > rejected (send to response queue with NOT_PROCESSED). This comment
> should probably be added.
> 
> I believe this can be covered in the capability patch that you are working on.
+ 1
diff mbox series

Patch

diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index 01b1fdd074..a6bb70ca3f 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -459,6 +459,10 @@  struct rte_crypto_dh_op_param {
 	 * Output generated private key when op_type is
 	 * DH PRIVATE_KEY_GENERATION
 	 * Input for RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE
+	 * In case priv_key.length is 0 and op_type is set with
+	 * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, CSRNG capable
+	 * device will generate private key and use it for public
+	 * key generation.
 	 */
 	union {
 		rte_crypto_uint pub_key;