From: "Michael S. Tsirkin" <mst@redhat.com>
To: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Cc: virtio-comment@lists.oasis-open.org,
zhenwei pi <pizhenwei@bytedance.com>,
Lei He <helei.sig11@bytedance.com>,
Anoob Joseph <anoobj@marvell.com>,
jerinj@marvell.com
Subject: [virtio-comment] Re: [PATCH v1] virtio-crypto: add RSA private key types
Date: Thu, 25 May 2023 05:34:00 -0400
Message-ID: <20230525053227-mutt-send-email-mst@kernel.org>
In-Reply-To: <20230525073108.2579235-1-gmuthukrishn@marvell.com>
On Thu, May 25, 2023 at 01:01:08PM +0530, Gowrishankar Muthukrishnan wrote:
> With reference to RFC 3447 Section 3.2, private key exists in any of
> the two forms, namely:
> - exponent
> - quintuple
>
> Following this, Appendix A.1.2 recommends private key represented
> including both of the above representations. Hence, for an RSA op,
> it is required to choose one of these types, hence proposing
> two private key types.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
> ---
> device-types/crypto/description.tex | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/device-types/crypto/description.tex b/device-types/crypto/description.tex
> index 5705e26..02dcdd0 100644
> --- a/device-types/crypto/description.tex
> +++ b/device-types/crypto/description.tex
> @@ -749,6 +749,11 @@ \subsubsection{Control Virtqueue}\label{sec:Device Types / Crypto Device / Devic
> #define VIRTIO_CRYPTO_RSA_SHA512 8
> #define VIRTIO_CRYPTO_RSA_SHA224 9
> le32 hash_algo;
> +
> +#define VIRTIO_CRYPTO_RSA_PRIVATE_KEY_UNKNOWN 0
> +#define VIRTIO_CRYPTO_RSA_PRIVATE_KEY_EXP 1
> +#define VIRTIO_CRYPTO_RSA_PRIVATE_KEY_QT 2
> + le8 private_key_type;
add padding to keep things aligned, or just use 32 bit
> };
> \end{lstlisting}
>
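Review bot: `le8 private_key_type;` at the end of the structure uses a little-endian type for a single byte, which has no byte order, and it follows `le32 hash_algo;`, so the structure no longer ends on a 4-byte boundary. Suggest either `le32 private_key_type;` to match `hash_algo`, or a one-byte field followed by explicitly named reserved bytes that the driver must zero. Note also that value 0 is VIRTIO_CRYPTO_RSA_PRIVATE_KEY_UNKNOWN, so a driver that zero-fills the structure will send UNKNOWN; the define would benefit from a comment saying whether that is a valid request.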
> @@ -764,6 +769,13 @@ \subsubsection{Control Virtqueue}\label{sec:Device Types / Crypto Device / Devic
> It only affects the padding algorithm and is ignored during encryption and decryption.
> \end{itemize*}
>
> +\field{private_key_type} specifies the type of private key used by RSA sessions.
> +\begin{itemize*}
> +\item If VIRTIO_CRYPTO_RSA_PRIVATE_KEY_EXP is specified, privateExponent is used.
> +\item If VIRTIO_CRYPTO_RSA_PRIVATE_KEY_QT is specified, prime1, prime2,
> +exponent1, exponent2 and coefficient values are used (see \hyperref[intro:rfc3447]{PKCS\#1}).
> +\end{itemize*}
> +
> The ECC algorithms such as the ECDSA algorithm, cannot use custom curves, only the
> following known curves can be used (see \hyperref[intro:NIST]{NIST-recommended curves}).
>
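Review bot: the \field{private_key_type} item list covers only VIRTIO_CRYPTO_RSA_PRIVATE_KEY_EXP and VIRTIO_CRYPTO_RSA_PRIVATE_KEY_QT; it says nothing about VIRTIO_CRYPTO_RSA_PRIVATE_KEY_UNKNOWN or any value above 2. Suggest adding an item that states the required device behaviour for those values, for example that session creation fails, so a device never parses key material under a layout it had to guess. The text also does not say whether the key buffer supplied with the session must contain only the fields named for the chosen type or may carry both forms; stating that would let the device validate the buffer length against the declared type.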
I think we will need a feature bit to negotiate the change in virtio_crypto_rsa_session_para
format.
--
MST
This publicly archived list offers a means to provide input to the
OASIS Virtual I/O Device (VIRTIO) TC.
In order to verify user consent to the Feedback License terms and
to minimize spam in the list archive, subscription is required
before posting.
Subscribe: virtio-comment-subscribe@lists.oasis-open.org
Unsubscribe: virtio-comment-unsubscribe@lists.oasis-open.org
List help: virtio-comment-help@lists.oasis-open.org
List archive: https://lists.oasis-open.org/archives/virtio-comment/
Feedback License: https://www.oasis-open.org/who/ipr/feedback_license.pdf
List Guidelines: https://www.oasis-open.org/policies-guidelines/mailing-lists
Committee: https://www.oasis-open.org/committees/virtio/
Join OASIS: https://www.oasis-open.org/join/