[RFC] lib/crypto: mark asym session-buffer non-reuseable
Checks
Commit Message
Update asym xform usage in cryptodev documentation.
Xform are immutable, non-reuseable entity till
life time of session. This allow some PMD to optimize
session setup time.
Signed-off-by: Ayuj Verma <ayverma@marvell.com>
Signed-off-by: Shally Verma <shallyv@marvell.com>
---
doc/guides/prog_guide/cryptodev_lib.rst | 6 ++++++
lib/librte_cryptodev/rte_cryptodev_pmd.h | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
Comments
Hi Ayuj,
> -----Original Message-----
> From: Ayuj Verma [mailto:ayverma@marvell.com]
> Sent: Wednesday, July 17, 2019 1:34 PM
> To: akhil.goyal@nxp.com
> Cc: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>;
> shallyv@marvell.com; ssahu@marvell.com; kkotamarthy@marvell.com; dev@dpdk.org; Ayuj Verma
> <ayverma@marvell.com>
> Subject: [RFC] lib/crypto: mark asym session-buffer non-reuseable
>
> Update asym xform usage in cryptodev documentation.
>
> Xform are immutable, non-reuseable entity till
> life time of session. This allow some PMD to optimize
> session setup time.
>
> Signed-off-by: Ayuj Verma <ayverma@marvell.com>
> Signed-off-by: Shally Verma <shallyv@marvell.com>
> ---
> doc/guides/prog_guide/cryptodev_lib.rst | 6 ++++++
> lib/librte_cryptodev/rte_cryptodev_pmd.h | 2 +-
> 2 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/doc/guides/prog_guide/cryptodev_lib.rst b/doc/guides/prog_guide/cryptodev_lib.rst
> index 9719944..c97a239 100644
> --- a/doc/guides/prog_guide/cryptodev_lib.rst
> +++ b/doc/guides/prog_guide/cryptodev_lib.rst
> @@ -894,6 +894,12 @@ asymmetric crypto chaining is Diffie-Hellman private key generation followed
> by
> public generation. Also, currently API does not support chaining of symmetric and
> asymmetric crypto xforms.
>
> +Transform is attached to session during asym session initialization and can't be
> +modified during session configuration. It remains constant till the end of life
[Fiona] I agree with the intent of the RFC. And suggest being more explicit and
saying "It and all the data buffers it points to should remain constant..."
> +span of a session. It should be used as it is in PMD, PMDs which requires
> +modification of these immutable data should internally do memcpy of data and
> +perform required operations.
[Fiona] for security I suggest adding here "It's the PMDs responsibility to ensure that any private data
copied to local PMD storage is not stored by the PMD for longer than the session lifetime.
> Each xform defines specific asymmetric crypto algo. Currently supported are:
> * RSA
> * Modular operations (Exponentiation and Inverse)
> diff --git a/lib/librte_cryptodev/rte_cryptodev_pmd.h b/lib/librte_cryptodev/rte_cryptodev_pmd.h
> index defe05e..1f083ea 100644
> --- a/lib/librte_cryptodev/rte_cryptodev_pmd.h
> +++ b/lib/librte_cryptodev/rte_cryptodev_pmd.h
> @@ -290,7 +290,7 @@ typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev *dev,
> * - Returns -ENOMEM if the private session could not be allocated.
> */
> typedef int (*cryptodev_asym_configure_session_t)(struct rte_cryptodev *dev,
> - struct rte_crypto_asym_xform *xform,
> + const struct rte_crypto_asym_xform *xform,
> struct rte_cryptodev_asym_session *session,
> struct rte_mempool *mp);
> /**
> --
> 1.8.3.1
> -----Original Message-----
> From: Trahe, Fiona
> Sent: Wednesday, July 17, 2019 4:04 PM
> To: Ayuj Verma <ayverma@marvell.com>; akhil.goyal@nxp.com
> Cc: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>;
> shallyv@marvell.com; ssahu@marvell.com; kkotamarthy@marvell.com;
> dev@dpdk.org; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: RE: [RFC] lib/crypto: mark asym session-buffer non-reuseable
>
> Hi Ayuj,
>
> > -----Original Message-----
> > From: Ayuj Verma [mailto:ayverma@marvell.com]
> > Sent: Wednesday, July 17, 2019 1:34 PM
> > To: akhil.goyal@nxp.com
> > Cc: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; Trahe, Fiona
> > <fiona.trahe@intel.com>; shallyv@marvell.com; ssahu@marvell.com;
> > kkotamarthy@marvell.com; dev@dpdk.org; Ayuj Verma
> > <ayverma@marvell.com>
> > Subject: [RFC] lib/crypto: mark asym session-buffer non-reuseable
> >
> > Update asym xform usage in cryptodev documentation.
> >
> > Xform are immutable, non-reuseable entity till life time of session.
> > This allow some PMD to optimize session setup time.
> >
> > Signed-off-by: Ayuj Verma <ayverma@marvell.com>
> > Signed-off-by: Shally Verma <shallyv@marvell.com>
> > ---
> > doc/guides/prog_guide/cryptodev_lib.rst | 6 ++++++
> > lib/librte_cryptodev/rte_cryptodev_pmd.h | 2 +-
> > 2 files changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/doc/guides/prog_guide/cryptodev_lib.rst
> > b/doc/guides/prog_guide/cryptodev_lib.rst
> > index 9719944..c97a239 100644
> > --- a/doc/guides/prog_guide/cryptodev_lib.rst
> > +++ b/doc/guides/prog_guide/cryptodev_lib.rst
> > @@ -894,6 +894,12 @@ asymmetric crypto chaining is Diffie-Hellman
> > private key generation followed by public generation. Also, currently
> > API does not support chaining of symmetric and asymmetric crypto
> > xforms.
> >
> > +Transform is attached to session during asym session initialization
> > +and can't be modified during session configuration. It remains
> > +constant till the end of life
> [Fiona] I agree with the intent of the RFC. And suggest being more explicit
> and saying "It and all the data buffers it points to should remain constant..."
[AK] I agree with RFC and Fiona :).
>
> > +span of a session. It should be used as it is in PMD, PMDs which
> > +requires modification of these immutable data should internally do
> > +memcpy of data and perform required operations.
> [Fiona] for security I suggest adding here "It's the PMDs responsibility to
> ensure that any private data copied to local PMD storage is not stored by the
> PMD for longer than the session lifetime.
>
> > Each xform defines specific asymmetric crypto algo. Currently supported
> are:
> > * RSA
> > * Modular operations (Exponentiation and Inverse) diff --git
> > a/lib/librte_cryptodev/rte_cryptodev_pmd.h
> > b/lib/librte_cryptodev/rte_cryptodev_pmd.h
> > index defe05e..1f083ea 100644
> > --- a/lib/librte_cryptodev/rte_cryptodev_pmd.h
> > +++ b/lib/librte_cryptodev/rte_cryptodev_pmd.h
> > @@ -290,7 +290,7 @@ typedef int
> (*cryptodev_sym_configure_session_t)(struct rte_cryptodev *dev,
> > * - Returns -ENOMEM if the private session could not be allocated.
> > */
> > typedef int (*cryptodev_asym_configure_session_t)(struct rte_cryptodev
> *dev,
> > - struct rte_crypto_asym_xform *xform,
> > + const struct rte_crypto_asym_xform *xform,
> > struct rte_cryptodev_asym_session *session,
> > struct rte_mempool *mp);
> > /**
> > --
> > 1.8.3.1
Hi Arek, Fiona
Please see in-line.
Thanks and regards
Ayuj Verma
Hi Arek, Fiona,
> [Fiona] I agree with the intent of the RFC. And suggest being more explicit
> and saying "It and all the data buffers it points to should remain constant..."
[AK] I agree with RFC and Fiona :).
[Ayuj] ACK. will submit a v2.
>> Correction: Will incorporate this in Patch v1.
Thanks and regards
Ayuj Verma
@@ -894,6 +894,12 @@ asymmetric crypto chaining is Diffie-Hellman private key generation followed by
public generation. Also, currently API does not support chaining of symmetric and
asymmetric crypto xforms.
+Transform is attached to session during asym session initialization and can't be
+modified during session configuration. It remains constant till the end of life
+span of a session. It should be used as it is in PMD, PMDs which requires
+modification of these immutable data should internally do memcpy of data and
+perform required operations.
+
Each xform defines specific asymmetric crypto algo. Currently supported are:
* RSA
* Modular operations (Exponentiation and Inverse)
@@ -290,7 +290,7 @@ typedef int (*cryptodev_sym_configure_session_t)(struct rte_cryptodev *dev,
* - Returns -ENOMEM if the private session could not be allocated.
*/
typedef int (*cryptodev_asym_configure_session_t)(struct rte_cryptodev *dev,
- struct rte_crypto_asym_xform *xform,
+ const struct rte_crypto_asym_xform *xform,
struct rte_cryptodev_asym_session *session,
struct rte_mempool *mp);
/**