Message ID | 20211129095159.16376-1-rbalu@marvell.com (mailing list archive) |
---|---|
Headers |
Return-Path: <dev-bounces@dpdk.org> X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CB774A0C5A; Mon, 29 Nov 2021 11:41:09 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6089B4068A; Mon, 29 Nov 2021 11:41:09 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 24C1440689; Mon, 29 Nov 2021 10:52:48 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 1AT7Z4s3008095; Mon, 29 Nov 2021 01:52:47 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=NW97CQMVQYoEnbIZwaRUYL9QaD1+NdXUguzZeIX4/jY=; b=ZwbUccXCZ5SYGuQQ/sbNf99COnild303CteqMc5hf87iUt/CnY3GlrZg5Va7wtKN5cFV avZmWKxdyl2H0vMsAI7XaC6lOu1ZqTRkm7fQk6BTd9T0bSBxkG/Sa+YBZsrJYcnjk6Ol wneLawG/PKjyzdmbjHOUlQHrP0s5D8MgIAEaRMT53OfH5Yt27GmAmWKVopD3/lR+eVD7 /qEDbqXNewOVRQagnWbTZEsk4rBFqziFx9XBLj2tvCZ1aOBBU6STgn84+v7nlKPWjjNf UqnLjW3Ovnl7zIbVY1/VD2++41f/e5Dg3d3zq+KRXpKF3B+lKiHDWqWqFXqhorDR/b9I Jw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3cmtkpgd85-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Mon, 29 Nov 2021 01:52:47 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 29 Nov 2021 01:52:45 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend Transport; Mon, 29 Nov 2021 01:52:45 -0800 Received: from rbalu.marvell.com (unknown [10.29.53.29]) by maili.marvell.com (Postfix) with ESMTP id 8024F3F7079; Mon, 29 Nov 2021 01:52:42 -0800 (PST) From: Ramkumar Balu <rbalu@marvell.com> To: Akhil Goyal <gakhil@marvell.com>, Anoob Joseph <anoobj@marvell.com>, Declan Doherty <declan.doherty@intel.com>, Fan Zhang <roy.fan.zhang@intel.com>, Ankur Dwivedi <adwivedi@marvell.com>, "Tejasree Kondoj" <ktejasree@marvell.com> CC: <stable@dpdk.org>, <dev@dpdk.org>, Ramkumar <rbalu@marvell.com> Subject: [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage Date: Mon, 29 Nov 2021 09:51:54 +0000 Message-ID: <20211129095159.16376-1-rbalu@marvell.com> X-Mailer: git-send-email 2.17.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: qaxLquUOQ6N7WsePaXoTUqPdKfdTo4bw X-Proofpoint-ORIG-GUID: qaxLquUOQ6N7WsePaXoTUqPdKfdTo4bw X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.790,Hydra:6.0.425,FMLib:17.0.607.475 definitions=2021-11-29_07,2021-11-28_01,2020-04-07_01 X-Mailman-Approved-At: Mon, 29 Nov 2021 11:41:08 +0100 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions <dev.dpdk.org> List-Unsubscribe: <https://mails.dpdk.org/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://mails.dpdk.org/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <https://mails.dpdk.org/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org |
Series |
cryptodev: fix inconsistency in RSA op usage
|
|
Message
Ramkumar Balu
Nov. 29, 2021, 9:51 a.m. UTC
From: Ramkumar <rbalu@marvell.com>
The RSA verify operation is performed in two stages: 1. decrypt using
public key (output: plaintext message) 2. Compare resultant plaintext
message with the expected plaintext message to verify. (return
succ/fail in status field) Some applications need the decrypted
plaintext (stage 1 result) also to be retunred. For reference, OpenSSL
also provides similar API (RSA_public_decrypt).
lib cryptodev API failed to specify a field in 'struct
rte_crypto_rsa_op_param' to return the plaintext result after public
key decryption. It created inconsistency among crypto PMDs in returning
plaintext during RSA verify.
Inconsistency in RSA verify,
crypto/octeontx - uses 'sign' field to return plaintext
crypto/cnxk - uses 'sign' field to return plaintext
crypto/openssl - does not return plaintext
crypto/qat - uses 'cipher' field to return plaintext
test/cryptodev_asym - expects PMDs to use 'cipher' field
Thus, this patch series fixes all usages to only use 'cipher' field for
above described scenario. The 'sign' and 'message' fields are not
chosen as they are used for different purpose under same operation.
rte_crypto_rsa_op_param struct fields to use for
RTE_CRYPTO_ASYM_OP_VERIFY:
1. input: rsa.sign - signature to be decrypted or verified
2. input: rsa.message - expected plaintext, used to compare
3. output: rsa.cipher - resultant plaintext from decryption
Ramkumar (5):
cryptodev: fix RSA op cipher field description
crypto/openssl: fix output of RSA verify op
crypto/octeontx: fix output field for RSA verify
crypto/octeontx2: fix output field for RSA verify
crypto/cnxk: fix output field for RSA verify
drivers/crypto/cnxk/cnxk_ae.h | 15 +++++++++------
drivers/crypto/octeontx/otx_cryptodev_ops.c | 10 ++++++----
drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 16 +++++++++-------
drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++-----
lib/cryptodev/rte_crypto_asym.h | 7 ++++---
5 files changed, 39 insertions(+), 25 deletions(-)
Comments
Hi Ramkumar, > -----Original Message----- > From: Ramkumar Balu <rbalu@marvell.com> > Sent: Monday, November 29, 2021 10:52 AM > To: Akhil Goyal <gakhil@marvell.com>; Anoob Joseph <anoobj@marvell.com>; > Doherty, Declan <declan.doherty@intel.com>; Zhang, Roy Fan > <roy.fan.zhang@intel.com>; Ankur Dwivedi <adwivedi@marvell.com>; Tejasree > Kondoj <ktejasree@marvell.com> > Cc: stable@dpdk.org; dev@dpdk.org; Ramkumar <rbalu@marvell.com> > Subject: [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage > > From: Ramkumar <rbalu@marvell.com> > > The RSA verify operation is performed in two stages: 1. decrypt using public key > (output: plaintext message) 2. Compare resultant plaintext message with the > expected plaintext message to verify. (return succ/fail in status field) Some > applications need the decrypted plaintext (stage 1 result) also to be retunred. [Arek] - It should only be the case when NO_PADDING selected (that's why QAT returns decrypted data, and only because of that), but I would propose to change it that NO_PADDING signature is not possible -> change it to NO_PADDING Private/Public operations (we cannot verify it in PMD anyway as we do not know padding type). > For reference, OpenSSL also provides similar API (RSA_public_decrypt). [Arek] - this function is not only deprecated but incorrect. It should not be used for signatures when padding selected. Normally functions that handle padding will only return verification status only, not data. > > lib cryptodev API failed to specify a field in 'struct rte_crypto_rsa_op_param' to > return the plaintext result after public key decryption. It created inconsistency > among crypto PMDs in returning plaintext during RSA verify. > > Inconsistency in RSA verify, > crypto/octeontx - uses 'sign' field to return plaintext crypto/cnxk - uses 'sign' > field to return plaintext crypto/openssl - does not return plaintext crypto/qat - > uses 'cipher' field to return plaintext test/cryptodev_asym - expects PMDs to use > 'cipher' field > > Thus, this patch series fixes all usages to only use 'cipher' field for above > described scenario. The 'sign' and 'message' fields are not chosen as they are > used for different purpose under same operation. > > rte_crypto_rsa_op_param struct fields to use for > RTE_CRYPTO_ASYM_OP_VERIFY: > 1. input: rsa.sign - signature to be decrypted or verified 2. input: rsa.message - > expected plaintext, used to compare 3. output: rsa.cipher - resultant plaintext > from decryption > > > Ramkumar (5): > cryptodev: fix RSA op cipher field description > crypto/openssl: fix output of RSA verify op > crypto/octeontx: fix output field for RSA verify > crypto/octeontx2: fix output field for RSA verify > crypto/cnxk: fix output field for RSA verify > > drivers/crypto/cnxk/cnxk_ae.h | 15 +++++++++------ > drivers/crypto/octeontx/otx_cryptodev_ops.c | 10 ++++++---- > drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 16 +++++++++------- > drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++----- > lib/cryptodev/rte_crypto_asym.h | 7 ++++--- > 5 files changed, 39 insertions(+), 25 deletions(-) > > -- > 2.17.1