@@ -80,7 +80,6 @@ queue_ops_rsa_sign_verify(void *sess)
asym_op->rsa.message.length = rsaplaintext.len;
asym_op->rsa.sign.length = RTE_DIM(rsa_n);
asym_op->rsa.sign.data = output_buf;
- asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
debug_hexdump(stdout, "message", asym_op->rsa.message.data,
asym_op->rsa.message.length);
@@ -112,7 +111,6 @@ queue_ops_rsa_sign_verify(void *sess)
/* Verify sign */
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
/* Process crypto operation */
if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -171,7 +169,6 @@ queue_ops_rsa_enc_dec(void *sess)
asym_op->rsa.cipher.data = cipher_buf;
asym_op->rsa.cipher.length = RTE_DIM(rsa_n);
asym_op->rsa.message.length = rsaplaintext.len;
- asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
debug_hexdump(stdout, "message", asym_op->rsa.message.data,
asym_op->rsa.message.length);
@@ -203,7 +200,6 @@ queue_ops_rsa_enc_dec(void *sess)
asym_op = result_op->asym;
asym_op->rsa.message.length = RTE_DIM(rsa_n);
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
- asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
/* Process crypto operation */
if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -345,6 +345,7 @@ struct rte_crypto_asym_xform rsa_xform = {
.next = NULL,
.xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
.rsa = {
+ .padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
.n = {
.data = rsa_n,
.length = sizeof(rsa_n)
@@ -366,6 +367,7 @@ struct rte_crypto_asym_xform rsa_xform_crt = {
.next = NULL,
.xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
.rsa = {
+ .padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
.n = {
.data = rsa_n,
.length = sizeof(rsa_n)
@@ -327,7 +327,7 @@ cpt_rsa_prep(struct asym_op_params *rsa_params,
/* Result buffer */
rlen = mod_len;
- if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
+ if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
/* Use mod_exp operation for no_padding type */
vq_cmd_w0.s.opcode.minor = CPT_MINOR_OP_MODEX;
vq_cmd_w0.s.param2 = exp_len;
@@ -412,7 +412,7 @@ cpt_rsa_crt_prep(struct asym_op_params *rsa_params,
/* Result buffer */
rlen = mod_len;
- if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
+ if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
/*Use mod_exp operation for no_padding type */
vq_cmd_w0.s.opcode.minor = CPT_MINOR_OP_MODEX_CRT;
} else {
@@ -177,6 +177,9 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
rsa->n.length = mod_len;
rsa->e.length = exp_len;
+ /* Set padding info */
+ rsa->padding.type = xform->rsa.padding.type;
+
return 0;
}
@@ -366,7 +369,7 @@ cnxk_ae_rsa_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
dptr += in_size;
dlen = total_key_len + in_size;
- if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
+ if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
/* Use mod_exp operation for no_padding type */
w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX;
w4.s.param2 = exp_len;
@@ -421,7 +424,7 @@ cnxk_ae_rsa_exp_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
dptr += in_size;
dlen = mod_len + privkey_len + in_size;
- if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
+ if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
/* Use mod_exp operation for no_padding type */
w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX;
w4.s.param2 = privkey_len;
@@ -479,7 +482,7 @@ cnxk_ae_rsa_crt_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
dptr += in_size;
dlen = total_key_len + in_size;
- if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
+ if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
/*Use mod_exp operation for no_padding type */
w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX_CRT;
} else {
@@ -1151,7 +1154,7 @@ cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop, uint8_t *rptr,
memcpy(rsa->cipher.data, rptr, rsa->cipher.length);
break;
case RTE_CRYPTO_ASYM_OP_DECRYPT:
- if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
+ if (rsa_ctx->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
rsa->message.length = rsa_ctx->n.length;
memcpy(rsa->message.data, rptr, rsa->message.length);
} else {
@@ -1171,7 +1174,7 @@ cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop, uint8_t *rptr,
memcpy(rsa->sign.data, rptr, rsa->sign.length);
break;
case RTE_CRYPTO_ASYM_OP_VERIFY:
- if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
+ if (rsa_ctx->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
rsa->sign.length = rsa_ctx->n.length;
memcpy(rsa->sign.data, rptr, rsa->sign.length);
} else {
@@ -708,7 +708,7 @@ otx_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct cpt_request_info *req,
memcpy(rsa->cipher.data, req->rptr, rsa->cipher.length);
break;
case RTE_CRYPTO_ASYM_OP_DECRYPT:
- if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE)
+ if (rsa_ctx->padding.type == RTE_CRYPTO_RSA_PADDING_NONE)
rsa->message.length = rsa_ctx->n.length;
else {
/* Get length of decrypted output */
@@ -725,7 +725,7 @@ otx_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct cpt_request_info *req,
memcpy(rsa->sign.data, req->rptr, rsa->sign.length);
break;
case RTE_CRYPTO_ASYM_OP_VERIFY:
- if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE)
+ if (rsa_ctx->padding.type == RTE_CRYPTO_RSA_PADDING_NONE)
rsa->sign.length = rsa_ctx->n.length;
else {
/* Get length of decrypted output */
@@ -197,6 +197,7 @@ struct __rte_cache_aligned openssl_asym_session {
union {
struct rsa {
RSA *rsa;
+ uint32_t pad;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
EVP_PKEY_CTX * ctx;
#endif
@@ -2699,7 +2699,7 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
struct openssl_asym_session *sess)
{
struct rte_crypto_asym_op *op = cop->asym;
- uint32_t pad = (op->rsa.padding.type);
+ uint32_t pad = sess->u.r.pad;
uint8_t *tmp;
size_t outlen = 0;
int ret = -1;
@@ -3082,7 +3082,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
int ret = 0;
struct rte_crypto_asym_op *op = cop->asym;
RSA *rsa = sess->u.r.rsa;
- uint32_t pad = (op->rsa.padding.type);
+ uint32_t pad = sess->u.r.pad;
uint8_t *tmp;
cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
@@ -889,6 +889,7 @@ static int openssl_set_asym_session_parameters(
if (!n || !e)
goto err_rsa;
+ asym_session->u.r.pad = xform->rsa.padding.type;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
OSSL_PARAM_BLD * param_bld = OSSL_PARAM_BLD_new();
if (!param_bld) {
@@ -362,7 +362,7 @@ rsa_set_pub_input(struct icp_qat_fw_pke_request *qat_req,
alg_bytesize = qat_function.bytesize;
if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
- switch (asym_op->rsa.padding.type) {
+ switch (xform->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
SET_PKE_LN(asym_op->rsa.message, alg_bytesize, 0);
break;
@@ -374,7 +374,7 @@ rsa_set_pub_input(struct icp_qat_fw_pke_request *qat_req,
}
HEXDUMP("RSA Message", cookie->input_array[0], alg_bytesize);
} else {
- switch (asym_op->rsa.padding.type) {
+ switch (xform->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
SET_PKE_LN(asym_op->rsa.sign, alg_bytesize, 0);
break;
@@ -460,7 +460,7 @@ rsa_set_priv_input(struct icp_qat_fw_pke_request *qat_req,
if (asym_op->rsa.op_type ==
RTE_CRYPTO_ASYM_OP_DECRYPT) {
- switch (asym_op->rsa.padding.type) {
+ switch (xform->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
SET_PKE_LN(asym_op->rsa.cipher, alg_bytesize, 0);
HEXDUMP("RSA ciphertext", cookie->input_array[0],
@@ -474,7 +474,7 @@ rsa_set_priv_input(struct icp_qat_fw_pke_request *qat_req,
} else if (asym_op->rsa.op_type ==
RTE_CRYPTO_ASYM_OP_SIGN) {
- switch (asym_op->rsa.padding.type) {
+ switch (xform->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
SET_PKE_LN(asym_op->rsa.message, alg_bytesize, 0);
HEXDUMP("RSA text to be signed", cookie->input_array[0],
@@ -514,7 +514,8 @@ rsa_set_input(struct icp_qat_fw_pke_request *qat_req,
static uint8_t
rsa_collect(struct rte_crypto_asym_op *asym_op,
- const struct qat_asym_op_cookie *cookie)
+ const struct qat_asym_op_cookie *cookie,
+ const struct rte_crypto_asym_xform *xform)
{
uint32_t alg_bytesize = cookie->alg_bytesize;
@@ -530,7 +531,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
HEXDUMP("RSA Encrypted data", cookie->output_array[0],
alg_bytesize);
} else {
- switch (asym_op->rsa.padding.type) {
+ switch (xform->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
rte_memcpy(asym_op->rsa.cipher.data,
cookie->output_array[0],
@@ -547,7 +548,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
}
} else {
if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
- switch (asym_op->rsa.padding.type) {
+ switch (xform->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
rte_memcpy(asym_op->rsa.message.data,
cookie->output_array[0],
@@ -1105,7 +1106,7 @@ qat_asym_collect_response(struct rte_crypto_op *op,
case RTE_CRYPTO_ASYM_XFORM_MODINV:
return modinv_collect(asym_op, cookie, xform);
case RTE_CRYPTO_ASYM_XFORM_RSA:
- return rsa_collect(asym_op, cookie);
+ return rsa_collect(asym_op, cookie, xform);
case RTE_CRYPTO_ASYM_XFORM_ECDSA:
return ecdsa_collect(asym_op, cookie);
case RTE_CRYPTO_ASYM_XFORM_ECPM:
@@ -926,31 +926,7 @@ prepare_rsa_op(void)
__rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
asym = env.op->asym;
- asym->rsa.padding.type = info.interim_info.rsa_data.padding;
- asym->rsa.padding.hash = info.interim_info.rsa_data.auth;
-
if (env.digest) {
- if (asym->rsa.padding.type == RTE_CRYPTO_RSA_PADDING_PKCS1_5) {
- int b_len = 0;
- uint8_t b[32];
-
- b_len = get_hash_oid(asym->rsa.padding.hash, b);
- if (b_len < 0) {
- RTE_LOG(ERR, USER1, "Failed to get digest info for hash %d\n",
- asym->rsa.padding.hash);
- return -EINVAL;
- }
-
- if (b_len) {
- msg.len = env.digest_len + b_len;
- msg.val = rte_zmalloc(NULL, msg.len, 0);
- rte_memcpy(msg.val, b, b_len);
- rte_memcpy(msg.val + b_len, env.digest, env.digest_len);
- rte_free(env.digest);
- env.digest = msg.val;
- env.digest_len = msg.len;
- }
- }
msg.val = env.digest;
msg.len = env.digest_len;
} else {
@@ -1536,6 +1512,34 @@ prepare_rsa_xform(struct rte_crypto_asym_xform *xform)
xform->rsa.e.length = vec.rsa.e.len;
xform->rsa.n.data = vec.rsa.n.val;
xform->rsa.n.length = vec.rsa.n.len;
+
+ xform->rsa.padding.type = info.interim_info.rsa_data.padding;
+ xform->rsa.padding.hash = info.interim_info.rsa_data.auth;
+ if (env.digest) {
+ if (xform->rsa.padding.type == RTE_CRYPTO_RSA_PADDING_PKCS1_5) {
+ struct fips_val msg;
+ int b_len = 0;
+ uint8_t b[32];
+
+ b_len = get_hash_oid(xform->rsa.padding.hash, b);
+ if (b_len < 0) {
+ RTE_LOG(ERR, USER1, "Failed to get digest info for hash %d\n",
+ xform->rsa.padding.hash);
+ return -EINVAL;
+ }
+
+ if (b_len) {
+ msg.len = env.digest_len + b_len;
+ msg.val = rte_zmalloc(NULL, msg.len, 0);
+ rte_memcpy(msg.val, b, b_len);
+ rte_memcpy(msg.val + b_len, env.digest, env.digest_len);
+ rte_free(env.digest);
+ env.digest = msg.val;
+ env.digest_len = msg.len;
+ }
+ }
+ }
+
return 0;
}
@@ -312,6 +312,9 @@ struct rte_crypto_rsa_xform {
struct rte_crypto_rsa_priv_key_qt qt;
/**< qt - Private key in quintuple format */
};
+
+ struct rte_crypto_rsa_padding padding;
+ /**< RSA padding information */
};
/**
@@ -447,9 +450,6 @@ struct rte_crypto_rsa_op_param {
* This could be validated and overwritten by the PMD
* with the signature length.
*/
-
- struct rte_crypto_rsa_padding padding;
- /**< RSA padding information */
};
/**