[30/40] cryptodev: reduce rsa struct to only necessary fields

Message ID 20220520055445.40063-31-arkadiuszx.kusztal@intel.com (mailing list archive)
State Changes Requested, archived
Delegated to: akhil goyal
Series: cryptodev: rsa, dh, ecdh changes

Checks

Context        Check    Description
ci/checkpatch  success  coding style OK

Commit Message

Arkadiusz Kusztal May 20, 2022, 5:54 a.m. UTC
  - reduced rsa struct to only necessary fields.
RSA operation is generally used with one input and one output.
One exception to this is signature verification: when RSA verify is
called, both message and signature are inputs, but there is no RSA
output except for op status.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 lib/cryptodev/rte_crypto_asym.h | 87 +++++++++++++++++++++++------------------
 1 file changed, 50 insertions(+), 37 deletions(-)
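The sizing and padding rules the rewritten doc comment states (PKCS#1 v1.5 input no longer than the modulus minus 11, OAEP input no longer than the modulus minus 2 * len(hash) minus 2, PADDING_NONE keeping leading zeros at full modulus length, and verify with PADDING_NONE handing the public-key-decrypted signature back for the application to compare) as an added C example. This is not DPDK code and not the patch author's: the enums, the function names (rsa_max_plaintext, rsa_input_ok, emsa_pkcs1_v15_sha256, rsa_verify_raw, rsa_pad_none_selftest), the 2048-bit modulus and the sample digest are assumptions made for the illustration, and the RTE_CRYPTO_RSA_FLAG_PT plaintext-signing variant is left out, as the author says below that it will be dropped.

```c
/* Added example, not DPDK code. It encodes the input/output sizing rules
 * the rewritten rte_crypto_rsa_op_param comment describes as checks an
 * application can run before enqueueing an RSA op, plus the EMSA-PKCS1-v1_5
 * encoding a caller must build itself to sign or verify with
 * RTE_CRYPTO_RSA_PADDING_NONE. Names are local stand-ins, not DPDK API;
 * k is the modulus length and hlen the hash length, both in bytes. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum rsa_op  { OP_ENCRYPT, OP_DECRYPT, OP_SIGN, OP_VERIFY };
enum rsa_pad { PAD_NONE, PAD_PKCS1_5, PAD_OAEP, PAD_PSS };

/* Largest plaintext ENCRYPT accepts in `input` (RFC 8017): k - 11 for
 * PKCS#1 v1.5, k - 2*hlen - 2 for OAEP, exactly k with no padding;
 * 0 means the modulus is too short for the scheme. */
size_t rsa_max_plaintext(enum rsa_pad pad, size_t k, size_t hlen)
{
	switch (pad) {
	case PAD_NONE:    return k;
	case PAD_PKCS1_5: return k > 11 ? k - 11 : 0;
	case PAD_OAEP:    return k > 2 * hlen + 2 ? k - 2 * hlen - 2 : 0;
	default:          return 0;	/* PSS is a signature scheme only */
	}
}

/* Is an `input` of in_len bytes acceptable for this op/padding pair?
 * With PAD_NONE it must be exactly k bytes so leading zeros survive; with
 * a real padding scheme SIGN takes the digest (FLAG_PT variant left out). */
int rsa_input_ok(enum rsa_op op, enum rsa_pad pad,
		 size_t in_len, size_t k, size_t hlen)
{
	switch (op) {
	case OP_ENCRYPT:
		if (pad == PAD_NONE)
			return in_len == k;
		return in_len > 0 && in_len <= rsa_max_plaintext(pad, k, hlen);
	case OP_SIGN:
		return pad == PAD_NONE ? in_len == k : in_len == hlen;
	case OP_DECRYPT:
	case OP_VERIFY:
		return in_len == k;	/* ciphertext or signature is k bytes */
	}
	return 0;
}

/* DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1). */
static const uint8_t SHA256_DIGESTINFO[19] = {
	0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
	0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};

/* EMSA-PKCS1-v1_5: EM = 0x00 || 0x01 || PS (>= 8 x 0xff) || 0x00 || T.
 * With PAD_NONE this is what goes in `input` to sign and what the VERIFY
 * output is compared against. em must hold k bytes; 0 = k too short. */
int emsa_pkcs1_v15_sha256(const uint8_t digest[32], size_t k, uint8_t *em)
{
	size_t tlen = sizeof SHA256_DIGESTINFO + 32;
	if (k < tlen + 11)
		return 0;
	em[0] = 0x00; em[1] = 0x01;
	memset(em + 2, 0xff, k - tlen - 3);
	em[k - tlen - 1] = 0x00;
	memcpy(em + k - tlen, SHA256_DIGESTINFO, sizeof SHA256_DIGESTINFO);
	memcpy(em + k - 32, digest, 32);
	return 1;
}

/* VERIFY with PAD_NONE hands back the raw public-key-decrypted signature
 * (k bytes, leading zeros kept) and leaves the comparison to the caller:
 * compare all k bytes in constant time, never a zero-trimmed suffix. */
int rsa_verify_raw(const uint8_t *recovered, size_t rec_len,
		   const uint8_t *expected_em, size_t k)
{
	uint8_t diff = 0;
	size_t i;
	if (rec_len != k)
		return 0;
	for (i = 0; i < k; i++)
		diff |= recovered[i] ^ expected_em[i];
	return diff == 0;
}

/* Round trip on a constructed digest with a 2048-bit modulus: build EM,
 * check its layout, then verify it against itself, against a copy whose
 * leading zero was altered, and against a zero-stripped 255-byte copy. */
int rsa_pad_none_selftest(void)
{
	uint8_t digest[32], em[256], bad[256];
	size_t k = sizeof em;
	memset(digest, 0xab, sizeof digest);	/* constructed sample digest */
	if (!emsa_pkcs1_v15_sha256(digest, k, em))
		return 0;
	if (em[0] != 0x00 || em[1] != 0x01 || em[2] != 0xff ||
	    em[k - 53] != 0xff || em[k - 52] != 0x00 ||
	    em[k - 51] != 0x30 || em[k - 32] != 0xab)
		return 0;
	memcpy(bad, em, k);
	bad[0] = 0x01;
	return rsa_verify_raw(em, k, em, k) &&
	       !rsa_verify_raw(bad, k, em, k) &&
	       !rsa_verify_raw(em + 1, k - 1, em, k);
}
```

rsa_pad_none_selftest() returns 1 when the encoding and the constant-time comparison behave as the comment requires; for a 2048-bit key rsa_max_plaintext() gives 245 bytes for PKCS#1 v1.5 and 190 for OAEP with SHA-256. The point to keep in mind is that with RTE_CRYPTO_RSA_PADDING_NONE the PMD does none of this: the application builds EM, submits exactly modulus-length input, and compares the full modulus-length output itself.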
  

Comments

Akhil Goyal May 24, 2022, 12:52 p.m. UTC | #1
> - reduced rsa struct to only necessary fields.
> RSA operation is generally used with one input and one output.
> One exception to this is signature verification: when RSA verify is
> called, both message and signature are inputs, but there is no RSA
> output except for op status.

I am not sure if this is the correct renaming of fields.

You are changing the name of message -> input and
cipher and sign -> output/message union. Right?

I believe this would impact the existing applications and
would create confusion, as the message was used for input and now it is
in a union with output.

The logic listed here is looking very complex.
Please simplify it. Can you try adding comments in the description of the struct
instead of on individual fields?
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  lib/cryptodev/rte_crypto_asym.h | 87 +++++++++++++++++++++++----------------
> --
>  1 file changed, 50 insertions(+), 37 deletions(-)
> 
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index c864b8a115..37dd3b9d86 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -362,53 +362,66 @@ struct rte_crypto_rsa_op_param {
>  	enum rte_crypto_asym_op_type op_type;
>  	/**< Type of RSA operation for transform */
> 
> -	rte_crypto_param message;
> +	rte_crypto_param input;
>  	/**<
> -	 * Pointer to input data
> -	 * - to be encrypted for RSA public encrypt.
> -	 * - to be signed for RSA sign generation.
> -	 * - to be authenticated for RSA sign verification.
> +	 * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
> +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> +	 * input should only be used along with cryptographically
> +	 * secure padding scheme.
> +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5
> +	 * input shall be no longer than public modulus minus 11.
> +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_OAEP
> +	 * input shall be no longer than public modulus -
> +	 * 2 * len(hash) - 2.
> +	 * When op_type == RTE_CRYPTO_ASYM_OP_SIGN:
>  	 *
> -	 * Pointer to output data
> -	 * - for RSA private decrypt.
> -	 * In this case the underlying array should have been
> -	 * allocated with enough memory to hold plaintext output
> -	 * (i.e. must be at least RSA key size). The message.length
> -	 * field should be 0 and will be overwritten by the PMD
> -	 * with the decrypted length.
> +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> +	 * input should only be used along with cryptographically
> +	 * secure padding scheme.	 *
> +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
> +	 * RTE_CRYPTO_RSA_PADDING_PSS
> +	 * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
> +	 * the message to be signed, if this flag is not set,
> +	 * input shall contain the digest of the message to be signed.

Does it mean if padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or RTE_CRYPTO_RSA_PADDING_PSS  and if RTE_CRYPTO_RSA_FLAG_PT flag is set

>  	 *
> -	 * All data is in Octet-string network byte order format.
> -	 */
> -
> -	rte_crypto_param cipher;
> -	/**<
> -	 * Pointer to input data
> -	 * - to be decrypted for RSA private decrypt.
> +	 * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
>  	 *
> -	 * Pointer to output data
> -	 * - for RSA public encrypt.
> -	 * In this case the underlying array should have been allocated
> -	 * with enough memory to hold ciphertext output (i.e. must be
> -	 * at least RSA key size). The cipher.length field should
> -	 * be 0 and will be overwritten by the PMD with the encrypted length.
> +	 * Input shall contain previously encrypted RSA message.
>  	 *
> -	 * All data is in Octet-string network byte order format.
> +	 * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> +	 *
> +	 * Input shall contain signature to be verified
>  	 */
> -
> -	rte_crypto_param sign;
> +	union {
> +		rte_crypto_param output;
> +		rte_crypto_param message;
> +	};
>  	/**<
> -	 * Pointer to input data
> -	 * - to be verified for RSA public decrypt.
> +	 * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
> +	 *
> +	 * Output shall contain encrypted data, output.length shall
> +	 * be set to the length of encrypted data.
> +	 *
> +	 * When op_type ==
> RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN:
>  	 *
> -	 * Pointer to output data
> -	 * - for RSA private encrypt.
> -	 * In this case the underlying array should have been allocated
> -	 * with enough memory to hold signature output (i.e. must be
> -	 * at least RSA key size). The sign.length field should
> -	 * be 0 and will be overwritten by the PMD with the signature length.
> +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> +	 * output shall contain decrypted/signed data, but all leading zeros
> +	 * shall be preserved. Therefore output.length should be
> +	 * equal to the length of the modulus..
> +	 * For other types of padding, output should contain
> +	 * decrypted data, and output.length shall be set to the length
> +	 * of decrypted data.
>  	 *
> -	 * All data is in Octet-string network byte order format.
> +	 * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> +	 *
> +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> +	 * output shall contain the public key decrypted signature.
> +	 * All leading zeroes shall be preserved.
> +	 *
> +	 * For other padding types, the message should be set with data for the
> +	 * signature to be compared with.
>  	 */
> +
>  	struct rte_crypto_rsa_padding padding;
>  	/**< RSA padding information */
> 
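Review bot: the VERIFY case of the union comment contradicts the commit message. The commit message says that for verify "there is no rsa output except for op status", yet the union doc says that with RTE_CRYPTO_RSA_PADDING_NONE "output shall contain the public key decrypted signature", while for every other padding type the same member (`message`) is an input "for the signature to be compared with". So whether the PMD reads or writes that buffer depends on both op_type and padding.type, and an application cannot tell from the field name. Suggest stating the direction explicitly in each case (for example "PMD writes modulus-length bytes into output" versus "application fills message, PMD only reads it"), and, if verify is meant to both read an expected message and return the recovered encoded message, keeping `message` and `output` as separate fields rather than a union.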
> --
> 2.13.6
  
Arkadiusz Kusztal May 24, 2022, 3:33 p.m. UTC | #2
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Tuesday, May 24, 2022 2:53 PM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Anoob Joseph <anoobj@marvell.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>
> Subject: RE: [EXT] [PATCH 30/40] cryptodev: reduce rsa struct to only necessary
> fields
> 
> > - reduced rsa struct to only necessary fields.
> > RSA operation is generally used with one input and one output.
> > One exception to this is signature verification: when RSA verify is
> > called, both message and signature are inputs, but there is no RSA
> > output except for op status.
> 
> I am not sure if this is the correct renaming of fields.
> 
> You are changing the name of message -> input and cipher and sign ->
> output/message union. Right?
> 
> I believe this would impact the existing applications and would create confusion,
> as the message was used for input and now it is in a union with output.
[Arek] - Yes, this will impact current apps. And yes, message may be confusing.
But the main question is: is there consensus for the input/output approach in RSA? If not, I will drop it from v2.
If so, in the case of SIGNATURE_VERIFY and PADDING_NONE, the decrypted signature should be placed in message or cipher with no further PMD involvement.

> 
> The logic listed here is looking very complex.
> Please simplify it. Can you try adding comments in the description of the struct
> instead of on individual fields?
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
> >  lib/cryptodev/rte_crypto_asym.h | 87
> > +++++++++++++++++++++++----------------
> > --
> >  1 file changed, 50 insertions(+), 37 deletions(-)
> >
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index c864b8a115..37dd3b9d86 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -362,53 +362,66 @@ struct rte_crypto_rsa_op_param {
> >  	enum rte_crypto_asym_op_type op_type;
> >  	/**< Type of RSA operation for transform */
> >
> > -	rte_crypto_param message;
> > +	rte_crypto_param input;
> >  	/**<
> > -	 * Pointer to input data
> > -	 * - to be encrypted for RSA public encrypt.
> > -	 * - to be signed for RSA sign generation.
> > -	 * - to be authenticated for RSA sign verification.
> > +	 * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > +	 * input should only be used along with cryptographically
> > +	 * secure padding scheme.
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5
> > +	 * input shall be no longer than public modulus minus 11.
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_OAEP
> > +	 * input shall be no longer than public modulus -
> > +	 * 2 * len(hash) - 2.
> > +	 * When op_type == RTE_CRYPTO_ASYM_OP_SIGN:
> >  	 *
> > -	 * Pointer to output data
> > -	 * - for RSA private decrypt.
> > -	 * In this case the underlying array should have been
> > -	 * allocated with enough memory to hold plaintext output
> > -	 * (i.e. must be at least RSA key size). The message.length
> > -	 * field should be 0 and will be overwritten by the PMD
> > -	 * with the decrypted length.
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > +	 * input should only be used along with cryptographically
> > +	 * secure padding scheme.	 *
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
> > +	 * RTE_CRYPTO_RSA_PADDING_PSS
> > +	 * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
> > +	 * the message to be signed, if this flag is not set,
> > +	 * input shall contain the digest of the message to be signed.
> 
> Does it mean if padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
> RTE_CRYPTO_RSA_PADDING_PSS  and if RTE_CRYPTO_RSA_FLAG_PT flag is set
[Arek] - This one will be out; probably no one will come asking for this functionality anyway.
> 
> >  	 *
> > -	 * All data is in Octet-string network byte order format.
> > -	 */
> > -
> > -	rte_crypto_param cipher;
> > -	/**<
> > -	 * Pointer to input data
> > -	 * - to be decrypted for RSA private decrypt.
> > +	 * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
> >  	 *
> > -	 * Pointer to output data
> > -	 * - for RSA public encrypt.
> > -	 * In this case the underlying array should have been allocated
> > -	 * with enough memory to hold ciphertext output (i.e. must be
> > -	 * at least RSA key size). The cipher.length field should
> > -	 * be 0 and will be overwritten by the PMD with the encrypted length.
> > +	 * Input shall contain previously encrypted RSA message.
> >  	 *
> > -	 * All data is in Octet-string network byte order format.
> > +	 * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> > +	 *
> > +	 * Input shall contain signature to be verified
> >  	 */
> > -
> > -	rte_crypto_param sign;
> > +	union {
> > +		rte_crypto_param output;
> > +		rte_crypto_param message;
> > +	};
> >  	/**<
> > -	 * Pointer to input data
> > -	 * - to be verified for RSA public decrypt.
> > +	 * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
> > +	 *
> > +	 * Output shall contain encrypted data, output.length shall
> > +	 * be set to the length of encrypted data.
> > +	 *
> > +	 * When op_type ==
> > RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN:
> >  	 *
> > -	 * Pointer to output data
> > -	 * - for RSA private encrypt.
> > -	 * In this case the underlying array should have been allocated
> > -	 * with enough memory to hold signature output (i.e. must be
> > -	 * at least RSA key size). The sign.length field should
> > -	 * be 0 and will be overwritten by the PMD with the signature length.
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > +	 * output shall contain decrypted/signed data, but all leading zeros
> > +	 * shall be preserved. Therefore output.length should be
> > +	 * equal to the length of the modulus..
> > +	 * For other types of padding, output should contain
> > +	 * decrypted data, and output.length shall be set to the length
> > +	 * of decrypted data.
> >  	 *
> > -	 * All data is in Octet-string network byte order format.
> > +	 * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> > +	 *
> > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > +	 * output shall contain the public key decrypted signature.
> > +	 * All leading zeroes shall be preserved.
> > +	 *
> > +	 * For other padding types, the message should be set with data for the
> > +	 * signature to be compared with.
> >  	 */
> > +
> >  	struct rte_crypto_rsa_padding padding;
> >  	/**< RSA padding information */
> >
> > --
> > 2.13.6
  
Akhil Goyal May 25, 2022, 5:48 a.m. UTC | #3
> > > - reduced rsa struct to only necessary fields.
> > > RSA operation is generally used with one input and one output.
> > > One exception to this is signature verification: when RSA verify is
> > > called, both message and signature are inputs, but there is no RSA
> > > output except for op status.
> >
> > I am not sure if this is the correct renaming of fields.
> >
> > You are changing the name of message -> input and cipher and sign ->
> > output/message union. Right?
> >
> > I believe this would impact the existing applications and would create
> > confusion, as the message was used for input and now it is in a union with output.
> [Arek] - Yes, this will impact current apps. And yes, message may be confusing.
> But the main question is: is there consensus for the input/output approach in RSA? If
> not, I will drop it from v2.
> If so, in the case of SIGNATURE_VERIFY and PADDING_NONE, the decrypted signature
> should be placed in message or cipher with no further PMD involvement.

++Kiran

> 
> >
> > The logic listed here is looking very complex.
> > Please simplify it. Can you try adding comments in the description of the struct
> > instead of on individual fields?
> > >
> > > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> > > ---
> > >  lib/cryptodev/rte_crypto_asym.h | 87
> > > +++++++++++++++++++++++----------------
> > > --
> > >  1 file changed, 50 insertions(+), 37 deletions(-)
> > >
> > > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > > b/lib/cryptodev/rte_crypto_asym.h index c864b8a115..37dd3b9d86 100644
> > > --- a/lib/cryptodev/rte_crypto_asym.h
> > > +++ b/lib/cryptodev/rte_crypto_asym.h
> > > @@ -362,53 +362,66 @@ struct rte_crypto_rsa_op_param {
> > >  	enum rte_crypto_asym_op_type op_type;
> > >  	/**< Type of RSA operation for transform */
> > >
> > > -	rte_crypto_param message;
> > > +	rte_crypto_param input;
> > >  	/**<
> > > -	 * Pointer to input data
> > > -	 * - to be encrypted for RSA public encrypt.
> > > -	 * - to be signed for RSA sign generation.
> > > -	 * - to be authenticated for RSA sign verification.
> > > +	 * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
> > > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > > +	 * input should only be used along with cryptographically
> > > +	 * secure padding scheme.
> > > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5
> > > +	 * input shall be no longer than public modulus minus 11.
> > > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_OAEP
> > > +	 * input shall be no longer than public modulus -
> > > +	 * 2 * len(hash) - 2.
> > > +	 * When op_type == RTE_CRYPTO_ASYM_OP_SIGN:
> > >  	 *
> > > -	 * Pointer to output data
> > > -	 * - for RSA private decrypt.
> > > -	 * In this case the underlying array should have been
> > > -	 * allocated with enough memory to hold plaintext output
> > > -	 * (i.e. must be at least RSA key size). The message.length
> > > -	 * field should be 0 and will be overwritten by the PMD
> > > -	 * with the decrypted length.
> > > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > > +	 * input should only be used along with cryptographically
> > > +	 * secure padding scheme.	 *
> > > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
> > > +	 * RTE_CRYPTO_RSA_PADDING_PSS
> > > +	 * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
> > > +	 * the message to be signed, if this flag is not set,
> > > +	 * input shall contain the digest of the message to be signed.
> >
> > Does it mean if padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
> > RTE_CRYPTO_RSA_PADDING_PSS  and if RTE_CRYPTO_RSA_FLAG_PT flag is
> set
> [Arek] - This one will be out; probably no one will come asking for this
> functionality anyway.
> >
> > >  	 *
> > > -	 * All data is in Octet-string network byte order format.
> > > -	 */
> > > -
> > > -	rte_crypto_param cipher;
> > > -	/**<
> > > -	 * Pointer to input data
> > > -	 * - to be decrypted for RSA private decrypt.
> > > +	 * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
> > >  	 *
> > > -	 * Pointer to output data
> > > -	 * - for RSA public encrypt.
> > > -	 * In this case the underlying array should have been allocated
> > > -	 * with enough memory to hold ciphertext output (i.e. must be
> > > -	 * at least RSA key size). The cipher.length field should
> > > -	 * be 0 and will be overwritten by the PMD with the encrypted length.
> > > +	 * Input shall contain previously encrypted RSA message.
> > >  	 *
> > > -	 * All data is in Octet-string network byte order format.
> > > +	 * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> > > +	 *
> > > +	 * Input shall contain signature to be verified
> > >  	 */
> > > -
> > > -	rte_crypto_param sign;
> > > +	union {
> > > +		rte_crypto_param output;
> > > +		rte_crypto_param message;
> > > +	};
> > >  	/**<
> > > -	 * Pointer to input data
> > > -	 * - to be verified for RSA public decrypt.
> > > +	 * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
> > > +	 *
> > > +	 * Output shall contain encrypted data, output.length shall
> > > +	 * be set to the length of encrypted data.
> > > +	 *
> > > +	 * When op_type ==
> > > RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN:
> > >  	 *
> > > -	 * Pointer to output data
> > > -	 * - for RSA private encrypt.
> > > -	 * In this case the underlying array should have been allocated
> > > -	 * with enough memory to hold signature output (i.e. must be
> > > -	 * at least RSA key size). The sign.length field should
> > > -	 * be 0 and will be overwritten by the PMD with the signature length.
> > > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > > +	 * output shall contain decrypted/signed data, but all leading zeros
> > > +	 * shall be preserved. Therefore output.length should be
> > > +	 * equal to the length of the modulus..
> > > +	 * For other types of padding, output should contain
> > > +	 * decrypted data, and output.length shall be set to the length
> > > +	 * of decrypted data.
> > >  	 *
> > > -	 * All data is in Octet-string network byte order format.
> > > +	 * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
> > > +	 *
> > > +	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
> > > +	 * output shall contain the public key decrypted signature.
> > > +	 * All leading zeroes shall be preserved.
> > > +	 *
> > > +	 * For other padding types, the message should be set with data for the
> > > +	 * signature to be compared with.
> > >  	 */
> > > +
> > >  	struct rte_crypto_rsa_padding padding;
> > >  	/**< RSA padding information */
> > >
> > > --
> > > 2.13.6
  

Patch

diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index c864b8a115..37dd3b9d86 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -362,53 +362,66 @@  struct rte_crypto_rsa_op_param {
 	enum rte_crypto_asym_op_type op_type;
 	/**< Type of RSA operation for transform */
 
-	rte_crypto_param message;
+	rte_crypto_param input;
 	/**<
-	 * Pointer to input data
-	 * - to be encrypted for RSA public encrypt.
-	 * - to be signed for RSA sign generation.
-	 * - to be authenticated for RSA sign verification.
+	 * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+	 * input should only be used along with cryptographically
+	 * secure padding scheme.
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5
+	 * input shall be no longer than public modulus minus 11.
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_OAEP
+	 * input shall be no longer than public modulus -
+	 * 2 * len(hash) - 2.
+	 * When op_type == RTE_CRYPTO_ASYM_OP_SIGN:
 	 *
-	 * Pointer to output data
-	 * - for RSA private decrypt.
-	 * In this case the underlying array should have been
-	 * allocated with enough memory to hold plaintext output
-	 * (i.e. must be at least RSA key size). The message.length
-	 * field should be 0 and will be overwritten by the PMD
-	 * with the decrypted length.
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+	 * input should only be used along with cryptographically
+	 * secure padding scheme.	 *
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
+	 * RTE_CRYPTO_RSA_PADDING_PSS
+	 * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
+	 * the message to be signed, if this flag is not set,
+	 * input shall contain the digest of the message to be signed.
 	 *
-	 * All data is in Octet-string network byte order format.
-	 */
-
-	rte_crypto_param cipher;
-	/**<
-	 * Pointer to input data
-	 * - to be decrypted for RSA private decrypt.
+	 * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
 	 *
-	 * Pointer to output data
-	 * - for RSA public encrypt.
-	 * In this case the underlying array should have been allocated
-	 * with enough memory to hold ciphertext output (i.e. must be
-	 * at least RSA key size). The cipher.length field should
-	 * be 0 and will be overwritten by the PMD with the encrypted length.
+	 * Input shall contain previously encrypted RSA message.
 	 *
-	 * All data is in Octet-string network byte order format.
+	 * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
+	 *
+	 * Input shall contain signature to be verified
 	 */
-
-	rte_crypto_param sign;
+	union {
+		rte_crypto_param output;
+		rte_crypto_param message;
+	};
 	/**<
-	 * Pointer to input data
-	 * - to be verified for RSA public decrypt.
+	 * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
+	 *
+	 * Output shall contain encrypted data, output.length shall
+	 * be set to the length of encrypted data.
+	 *
+	 * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN:
 	 *
-	 * Pointer to output data
-	 * - for RSA private encrypt.
-	 * In this case the underlying array should have been allocated
-	 * with enough memory to hold signature output (i.e. must be
-	 * at least RSA key size). The sign.length field should
-	 * be 0 and will be overwritten by the PMD with the signature length.
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+	 * output shall contain decrypted/signed data, but all leading zeros
+	 * shall be preserved. Therefore output.length should be
+	 * equal to the length of the modulus..
+	 * For other types of padding, output should contain
+	 * decrypted data, and output.length shall be set to the length
+	 * of decrypted data.
 	 *
-	 * All data is in Octet-string network byte order format.
+	 * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
+	 *
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+	 * output shall contain the public key decrypted signature.
+	 * All leading zeroes shall be preserved.
+	 *
+	 * For other padding types, the message should be set with data for the
+	 * signature to be compared with.
 	 */
+
 	struct rte_crypto_rsa_padding padding;
 	/**< RSA padding information */
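Review bot: the sentence "All data is in Octet-string network byte order format" is removed from all three field comments in this hunk and not restated anywhere, so the byte order of input and output is no longer documented; restate it once in the struct description. Two smaller points in the same hunk: the SIGN branch ends with "secure padding scheme.	 *" (a stray tab and asterisk left over from the old comment) and the DECRYPT/SIGN output text has a double period in "length of the modulus..". Also, RTE_CRYPTO_RSA_FLAG_PT is referenced in the SIGN branch but not defined in this patch, and the PADDING_NONE branches for ENCRYPT and SIGN state no length for `input` although the output side requires a full modulus-length buffer; say that input.length must equal the modulus length there too, so leading zeros are not lost on the way in.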