From patchwork Wed May 25 15:53:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111825 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 19013A0555; Wed, 25 May 2022 19:03:13 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 087D040C35; Wed, 25 May 2022 19:03:13 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id CA6A64067B for ; Wed, 25 May 2022 19:03:11 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498192; x=1685034192; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=fOFPYWUQAp8oRmzJKvjqAEOhn0i6PCNKINyWaBYnjhg=; b=MJ9gx78/U6kSbazl+3o2QHQMFP4IzAAcvEi/PXLHHZ/bFGjKnQO8Bdob 7r280Y9eBBl8FzG/fS9UlBoUiTFY+EV8LH9LBC0NPCeDG7mJTwHRmlry5 tWep+PXYEJzyDnQFmVdvMkLSLz8GPL50OGF+3eX6dOGlHgrIp8aGySE4c iTiG5/5F9xchrdvmzLo2ZeARSHu0/ZLqXOsSAgT0DNhTwYVbsrF7/M2Ga P72HKhd1fIHzP+5DDG1T0axC+xWKy3Cyv1gnusFqesf8AXUXhWraTno64 r6iULaFB/aDf5vOlG2qJKxuusjtzN3LTq8n4/a62LKEbhKA7kBau0jfEW w==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596028" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596028" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:09 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502271" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:08 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 01/14] cryptodev: redefine ec group enum Date: Wed, 25 May 2022 16:53:11 +0100 Message-Id: <20220525155324.9288-2-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - EC enum was renamed to rte_crypto_curve_id. Elliptic curve enum name was incorrectly associated with group (it comes from current tls registry name). - Clarified comments about TLS deprecation. Some curves included are deprecated with TLS 1.3. Comments to address it were added. - Clarified FFDH groups usage. Elliptic curves IDs in TLS are placed in the same registry as FFDH. Cryptodev does not assign specific groups, and if specific groups would be assigned by DPDK, it cannot be TLS SupportedGroups registry, as it would conflict with other protocols like IPSec. - Added IANA reference. Only few selected curves are included in previously referenced rfc8422. IANA reference is added instead. - Removed UNKNOWN ec group. There is no default value, and there is no UNKNOWN elliptic curve. Signed-off-by: Arek Kusztal Acked-by: Akhil Goyal --- lib/cryptodev/rte_crypto_asym.h | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index cd24d4b07b..7206652458 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -38,16 +38,20 @@ extern const char * rte_crypto_asym_op_strings[]; /** - * TLS named curves - * https://tools.ietf.org/html/rfc8422 + * List of elliptic curves. This enum aligns with + * TLS "Supported Groups" registry (previously known as + * NamedCurve registry). FFDH groups are not, and will not + * be included in this list. + * Deprecation for selected curve in tls does not deprecate + * the selected curve in Cryptodev. + * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */ -enum rte_crypto_ec_group { - RTE_CRYPTO_EC_GROUP_UNKNOWN = 0, +enum rte_crypto_curve_id { RTE_CRYPTO_EC_GROUP_SECP192R1 = 19, RTE_CRYPTO_EC_GROUP_SECP224R1 = 21, RTE_CRYPTO_EC_GROUP_SECP256R1 = 23, RTE_CRYPTO_EC_GROUP_SECP384R1 = 24, - RTE_CRYPTO_EC_GROUP_SECP521R1 = 25, + RTE_CRYPTO_EC_GROUP_SECP521R1 = 25 }; /** @@ -294,7 +298,7 @@ struct rte_crypto_dsa_xform { * */ struct rte_crypto_ec_xform { - enum rte_crypto_ec_group curve_id; + enum rte_crypto_curve_id curve_id; /**< Pre-defined ec groups */ }; From patchwork Wed May 25 15:53:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111826 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 06B14A0555; Wed, 25 May 2022 19:03:25 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id EC5D04113D; Wed, 25 May 2022 19:03:24 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 03E4B40151 for ; Wed, 25 May 2022 19:03:22 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498203; x=1685034203; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=dRbeVbZCaL2GZ9592KVyoaIZMqgImOEZwwrRGEa1As4=; b=ZnFVuMKtfhYIfhGyZFrDSpmzFUP8bV1Sn91nf88ZhKRb5XPXMhInJ4xf 5ARqxrXS36ECF/16ChcLhfWWV5yeYzryihZMy6QDovIc7Em1eNCm5qgAY EoQ6KErVVJdo6Xp2k1pLsnh+QbTIJXJolWSUvNBRoEAjsWWKqAvmX/KN9 HdqmkjIeGl69f9F4mYTtjh5UF6AqNsDh/Z1R5jog8/auk1Z2KfC9+9prp Sk7cCyPX3xQpEjGdZUxgodW6/g5zOGSxvDk6bOrRP8xbP5i9CafBfrm/Y tDsV3ZGHHolZaBqjPlp1Wq5bKQjnDIm+d3H2x5OLyUM5eNYiGgOUfmG0E Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596088" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596088" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:11 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502294" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:10 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 02/14] cryptodev: reduce number of comments in asym xform Date: Wed, 25 May 2022 16:53:12 +0100 Message-Id: <20220525155324.9288-3-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Reduced number of comments in asymmetric xform. Information describing basic functionality of well known algorithms are unnecessary. - Removed NONE asymetric xform. Signed-off-by: Arek Kusztal --- app/test/test_cryptodev_asym.c | 2 - lib/cryptodev/rte_crypto_asym.h | 114 ++++++++++++++++------------------------ lib/cryptodev/rte_cryptodev.c | 1 - 3 files changed, 46 insertions(+), 71 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 573af2a537..5aa9d65395 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -288,7 +288,6 @@ test_cryptodev_asym_ver(struct rte_crypto_op *op, break; case RTE_CRYPTO_ASYM_XFORM_DH: case RTE_CRYPTO_ASYM_XFORM_DSA: - case RTE_CRYPTO_ASYM_XFORM_NONE: case RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED: default: break; @@ -440,7 +439,6 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params, break; case RTE_CRYPTO_ASYM_XFORM_DH: case RTE_CRYPTO_ASYM_XFORM_DSA: - case RTE_CRYPTO_ASYM_XFORM_NONE: case RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED: default: snprintf(test_msg, ASYM_TEST_MSG_LEN, diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 7206652458..66ffb29743 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -38,6 +38,40 @@ extern const char * rte_crypto_asym_op_strings[]; /** + * Buffer to hold crypto params required for asym operations. + * + * These buffers can be used for both input to PMD and output from PMD. When + * used for output from PMD, application has to ensure the buffer is large + * enough to hold the target data. + * + * If an operation requires the PMD to generate a random number, + * and the device supports CSRNG, 'data' should be set to NULL. + * The crypto parameter in question will not be used by the PMD, + * as it is internally generated. + */ +typedef struct rte_crypto_param_t { + uint8_t *data; + /**< pointer to buffer holding data */ + rte_iova_t iova; + /**< IO address of data buffer */ + size_t length; + /**< length of data in bytes */ +} rte_crypto_param; + +/** Unsigned big-integer in big-endian format */ +typedef rte_crypto_param rte_crypto_uint; + +/** + * Structure for elliptic curve point + */ +struct rte_crypto_ec_point { + rte_crypto_param x; + /**< X coordinate */ + rte_crypto_param y; + /**< Y coordinate */ +}; + +/** * List of elliptic curves. This enum aligns with * TLS "Supported Groups" registry (previously known as * NamedCurve registry). FFDH groups are not, and will not @@ -55,46 +89,23 @@ enum rte_crypto_curve_id { }; /** - * Asymmetric crypto transformation types. - * Each xform type maps to one asymmetric algorithm - * performing specific operation - * + * Asymmetric crypto algorithms */ enum rte_crypto_asym_xform_type { - RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED = 0, + RTE_CRYPTO_ASYM_XFORM_UNSPECIFIED, /**< Invalid xform. */ - RTE_CRYPTO_ASYM_XFORM_NONE, - /**< Xform type None. - * May be supported by PMD to support - * passthrough op for debugging purpose. - * if xform_type none , op_type is disregarded. - */ RTE_CRYPTO_ASYM_XFORM_RSA, - /**< RSA. Performs Encrypt, Decrypt, Sign and Verify. - * Refer to rte_crypto_asym_op_type - */ + /**< RSA */ RTE_CRYPTO_ASYM_XFORM_DH, - /**< Diffie-Hellman. - * Performs Key Generate and Shared Secret Compute. - * Refer to rte_crypto_asym_op_type - */ + /**< Diffie-Hellman */ RTE_CRYPTO_ASYM_XFORM_DSA, - /**< Digital Signature Algorithm - * Performs Signature Generation and Verification. - * Refer to rte_crypto_asym_op_type - */ + /**< Digital Signature Algorithm */ RTE_CRYPTO_ASYM_XFORM_MODINV, - /**< Modular Multiplicative Inverse - * Perform Modular Multiplicative Inverse b^(-1) mod n - */ + /**< Modular Multiplicative Inverse */ RTE_CRYPTO_ASYM_XFORM_MODEX, - /**< Modular Exponentiation - * Perform Modular Exponentiation b^e mod n - */ + /**< Modular Exponentiation */ RTE_CRYPTO_ASYM_XFORM_ECDSA, - /**< Elliptic Curve Digital Signature Algorithm - * Perform Signature Generation and Verification. - */ + /**< Elliptic Curve Digital Signature Algorithm */ RTE_CRYPTO_ASYM_XFORM_ECPM, /**< Elliptic Curve Point Multiplication */ RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END @@ -126,11 +137,12 @@ enum rte_crypto_asym_op_type { * Padding types for RSA signature. */ enum rte_crypto_rsa_padding_type { - RTE_CRYPTO_RSA_PADDING_NONE = 0, + RTE_CRYPTO_RSA_PADDING_NONE, /**< RSA no padding scheme */ RTE_CRYPTO_RSA_PADDING_PKCS1_5, - /**< RSA PKCS#1 PKCS1-v1_5 padding scheme. For signatures block type 01, - * for encryption block type 02 are used. + /**< RSA PKCS#1 PKCS1-v1_5 padding scheme. + * For signatures block type 01, for encryption + * block type 02 are used. */ RTE_CRYPTO_RSA_PADDING_OAEP, /**< RSA PKCS#1 OAEP padding scheme */ @@ -156,40 +168,6 @@ enum rte_crypto_rsa_priv_key_type { }; /** - * Buffer to hold crypto params required for asym operations. - * - * These buffers can be used for both input to PMD and output from PMD. When - * used for output from PMD, application has to ensure the buffer is large - * enough to hold the target data. - * - * If an operation requires the PMD to generate a random number, - * and the device supports CSRNG, 'data' should be set to NULL. - * The crypto parameter in question will not be used by the PMD, - * as it is internally generated. - */ -typedef struct rte_crypto_param_t { - uint8_t *data; - /**< pointer to buffer holding data */ - rte_iova_t iova; - /**< IO address of data buffer */ - size_t length; - /**< length of data in bytes */ -} rte_crypto_param; - -/** Unsigned big-integer in big-endian format */ -typedef rte_crypto_param rte_crypto_uint; - -/** - * Structure for elliptic curve point - */ -struct rte_crypto_ec_point { - rte_crypto_param x; - /**< X coordinate */ - rte_crypto_param y; - /**< Y coordinate */ -}; - -/** * Structure describing RSA private key in quintuple format. * See PKCS V1.5 RSA Cryptography Standard. */ diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index e16e6802aa..691625bd04 100644 --- a/lib/cryptodev/rte_cryptodev.c +++ b/lib/cryptodev/rte_cryptodev.c @@ -160,7 +160,6 @@ rte_crypto_aead_operation_strings[] = { * Asymmetric crypto transform operation strings identifiers. */ const char *rte_crypto_asym_xform_strings[] = { - [RTE_CRYPTO_ASYM_XFORM_NONE] = "none", [RTE_CRYPTO_ASYM_XFORM_RSA] = "rsa", [RTE_CRYPTO_ASYM_XFORM_MODEX] = "modexp", [RTE_CRYPTO_ASYM_XFORM_MODINV] = "modinv", From patchwork Wed May 25 15:53:13 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111827 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E9CEAA0555; Wed, 25 May 2022 19:03:38 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DC630427EC; Wed, 25 May 2022 19:03:38 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id D567242684 for ; Wed, 25 May 2022 19:03:36 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498217; x=1685034217; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=aWmq8/kNTe8Purt+ulaAs8v/xaHq2cq7dyBZoCiM9dw=; b=IM02CAitsOoxXAbVr9SHOjw93OK4QBhItCLlLQKAI2sOTdVt+nXCa/fA NG82+GY4SzOWyshZ1iYkpQ2Qeu9fcbZTQfR08v6cnloIgDrJM07Lu1yYf jt9dBuShzVbe3M4Vb2+bRlRFJH5sRHEZLsv23eo0RDVfQ6cZUmmPy8mr4 YMhh3hbrsEwVJmdqmmFg1XDd6BicZMt8hyapuGNbh+9TjjAHqdks3tnUr hWXAA2ShCTcT3wRkntNnwYQJd9W+IcPGMu72SWANSqlxU1ybzaZ2hdoEd flEO2JOPsNTn2bgoXNtxuDl7SkTIzT2jsyE49po6Z5Qve8fDj4sGvZmDe g==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596153" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596153" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:13 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502305" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:11 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 03/14] cryptodev: separate key exchange operation enum Date: Wed, 25 May 2022 16:53:13 +0100 Message-Id: <20220525155324.9288-4-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Separated key exchange enum from asym op type. Key exchange and asymmetric crypto operations like signatures, encryption/decryption should not share same operation enum as its use cases are unrelated and mutually exclusive. Therefore op_type was separate into: 1) operation type 2) key exchange operation type Signed-off-by: Arek Kusztal --- app/test/test_cryptodev_asym.c | 11 +++---- drivers/crypto/openssl/rte_openssl_pmd.c | 10 +++---- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 12 ++++---- lib/cryptodev/rte_crypto_asym.h | 45 +++++++++++++++++----------- lib/cryptodev/rte_cryptodev.c | 14 ++++++--- 5 files changed, 55 insertions(+), 37 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 5aa9d65395..1b77aa2b6a 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -1062,7 +1062,7 @@ test_dh_gen_shared_sec(struct rte_crypto_asym_xform *xfrm) asym_op = op->asym; /* Setup a xform and op to generate private key only */ - xform.dh.type = RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE; + xform.dh.type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE; xform.next = NULL; asym_op->dh.priv_key.data = dh_test_params.priv_key.data; asym_op->dh.priv_key.length = dh_test_params.priv_key.length; @@ -1144,7 +1144,7 @@ test_dh_gen_priv_key(struct rte_crypto_asym_xform *xfrm) asym_op = op->asym; /* Setup a xform and op to generate private key only */ - xform.dh.type = RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE; + xform.dh.type = RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE; xform.next = NULL; asym_op->dh.priv_key.data = output; asym_op->dh.priv_key.length = sizeof(output); @@ -1227,7 +1227,7 @@ test_dh_gen_pub_key(struct rte_crypto_asym_xform *xfrm) * using test private key * */ - xform.dh.type = RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE; + xform.dh.type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE; xform.next = NULL; asym_op->dh.pub_key.data = output; @@ -1317,9 +1317,10 @@ test_dh_gen_kp(struct rte_crypto_asym_xform *xfrm) /* Setup a xform chain to generate * private key first followed by * public key - */xform.dh.type = RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE; + */ + xform.dh.type = RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE; pub_key_xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH; - pub_key_xform.dh.type = RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE; + pub_key_xform.dh.type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE; xform.next = &pub_key_xform; asym_op->dh.pub_key.data = out_pub_key; diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index d80e1052e2..2a3930df0a 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1697,7 +1697,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, int ret = 0; if (sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE)) { + (1 << RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE)) { /* compute shared secret using peer public key * and current private key * shared secret = peer_key ^ priv_key mod p @@ -1754,9 +1754,9 @@ process_openssl_dh_op(struct rte_crypto_op *cop, * then first set DH with user provided private key */ if ((sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) && + (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE)) && !(sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE))) { + (1 << RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE))) { /* generate public key using user-provided private key * pub_key = g ^ priv_key mod p */ @@ -1790,7 +1790,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, return 0; } - if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) { + if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE)) { const BIGNUM *pub_key = NULL; OPENSSL_LOG(DEBUG, "%s:%d update public key\n", @@ -1805,7 +1805,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, } if (sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE)) { + (1 << RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE)) { const BIGNUM *priv_key = NULL; OPENSSL_LOG(DEBUG, "%s:%d updated priv key\n", diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 1cb07794bd..c975ef640a 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -533,10 +533,10 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { .xform_capa = { .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, .op_types = - ((1<u.dh.key_op = (1 << xform->dh.type); if (xform->dh.type == - RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) { + RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) { /* check if next is pubkey */ if ((xform->next != NULL) && (xform->next->xform_type == RTE_CRYPTO_ASYM_XFORM_DH) && (xform->next->dh.type == - RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE) + RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE) ) { /* * setup op as pub/priv key @@ -1023,7 +1023,7 @@ static int openssl_set_asym_session_parameters( */ asym_session->u.dh.key_op |= (1 << - RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE); + RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE); } } asym_session->u.dh.dh_key = dh; diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 66ffb29743..2b427afa3f 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -33,6 +33,10 @@ struct rte_cryptodev_asym_session; extern const char * rte_crypto_asym_xform_strings[]; +/** asym key exchange operation type name strings */ +extern const char * +rte_crypto_asym_ke_strings[]; + /** asym operations type name strings */ extern const char * rte_crypto_asym_op_strings[]; @@ -124,16 +128,22 @@ enum rte_crypto_asym_op_type { /**< Signature Generation operation */ RTE_CRYPTO_ASYM_OP_VERIFY, /**< Signature Verification operation */ - RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE, - /**< DH Private Key generation operation */ - RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE, - /**< DH Public Key generation operation */ - RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE, - /**< DH Shared Secret compute operation */ RTE_CRYPTO_ASYM_OP_LIST_END }; /** + * Asymmetric crypto key exchange operation type + */ +enum rte_crypto_asym_ke_type { + RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE, + /**< Private Key generation operation */ + RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, + /**< Public Key generation operation */ + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE + /**< Shared Secret compute operation */ +}; + +/** * Padding types for RSA signature. */ enum rte_crypto_rsa_padding_type { @@ -238,7 +248,7 @@ struct rte_crypto_modinv_xform { * */ struct rte_crypto_dh_xform { - enum rte_crypto_asym_op_type type; + enum rte_crypto_asym_ke_type type; /**< Setup xform for key generate or shared secret compute */ rte_crypto_uint p; /**< Prime modulus data */ @@ -375,26 +385,27 @@ struct rte_crypto_rsa_op_param { struct rte_crypto_dh_op_param { rte_crypto_uint pub_key; /**< - * Output generated public key when xform type is - * DH PUB_KEY_GENERATION. - * Input peer public key when xform type is DH - * SHARED_SECRET_COMPUTATION + * Output - generated public key, when xform type is + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE. * + * Input - peer's public key, when xform type is + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. */ rte_crypto_uint priv_key; /**< - * Output generated private key if xform type is - * DH PRIVATE_KEY_GENERATION - * Input when xform type is DH SHARED_SECRET_COMPUTATION. + * Output - generated private key, when xform type is + * RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE. * + * Input - private key, when xform type is one of: + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. */ rte_crypto_uint shared_secret; /**< - * Output with calculated shared secret - * when dh xform set up with op type = SHARED_SECRET_COMPUTATION. - * + * Output - calculated shared secret when xform type is + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. */ }; diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index 691625bd04..af58f49d07 100644 --- a/lib/cryptodev/rte_cryptodev.c +++ b/lib/cryptodev/rte_cryptodev.c @@ -176,10 +176,16 @@ const char *rte_crypto_asym_op_strings[] = { [RTE_CRYPTO_ASYM_OP_ENCRYPT] = "encrypt", [RTE_CRYPTO_ASYM_OP_DECRYPT] = "decrypt", [RTE_CRYPTO_ASYM_OP_SIGN] = "sign", - [RTE_CRYPTO_ASYM_OP_VERIFY] = "verify", - [RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE] = "priv_key_generate", - [RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE] = "pub_key_generate", - [RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE] = "sharedsecret_compute", + [RTE_CRYPTO_ASYM_OP_VERIFY] = "verify" +}; + +/** + * Asymmetric crypto key exchange operation strings identifiers. + */ +const char *rte_crypto_asym_ke_strings[] = { + [RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE] = "priv_key_generate", + [RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE] = "pub_key_generate", + [RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute" }; /** From patchwork Wed May 25 15:53:14 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111828 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3FF49A0555; Wed, 25 May 2022 19:03:47 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 232C04281C; Wed, 25 May 2022 19:03:42 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 4CB2E427F2 for ; Wed, 25 May 2022 19:03:39 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498219; x=1685034219; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=FL5vKTocJn4X3evpEqmdeWjyKnN04RfEXCoLFhELuCU=; b=CNq9jYDOncSFQ6aXeXUy7BSP0bFTunJk5DkBp2u7Ml7awEa9+567y3p4 eciccpYtUO1ohjzx8T6zJc7sqMfWCm94235LxJqoU1w2ym2ACOM1pvGHc 4CamD3ouhqYALM8Pi3NPY6oKp7oJXJNbn7tX1+u3GUeYYWFUREnZXPAgu FJqu6Fjd1faSIX0nbvvWQZu1mCtagMSZYl+/0IGVKI+atIZZn2g7RjVTU rUj76aA4VAGS3D2hASYvyRVgUGfaJxNdfNBWSn6qikDAjqyYmRHGPVfkZ TvbZQd3KzoiLhv+9nmLhYY1qj1hczklr3BA4MD8vs5eSt0Mlsxve8T/aD g==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596192" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596192" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502314" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:14 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 04/14] cryptodev: remove comment about using ephemeral key in dsa Date: Wed, 25 May 2022 16:53:14 +0100 Message-Id: <20220525155324.9288-5-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Removed comment that stated dsa can be used with Diffie Hellman ephemeral key. DH and DSA integration allowed to use ephemeral keys for random integer but not for private keys. Signed-off-by: Arek Kusztal Acked-by: Akhil Goyal --- lib/cryptodev/rte_crypto_asym.h | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 2b427afa3f..ef8686fda8 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -270,13 +270,7 @@ struct rte_crypto_dsa_xform { rte_crypto_uint g; /**< Generator of the subgroup */ rte_crypto_uint x; - /**< x: Private key of the signer in octet-string network - * byte order format. - * Used when app has pre-defined private key. - * Valid only when xform chain is DSA ONLY. - * if xform chain is DH private key generate + DSA, then DSA sign - * compute will use internally generated key. - */ + /**< x: Private key of the signer */ }; /** From patchwork Wed May 25 15:53:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111829 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6C2AFA0555; Wed, 25 May 2022 19:03:54 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0DA9540E2D; Wed, 25 May 2022 19:03:52 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id AC2F140143 for ; Wed, 25 May 2022 19:03:49 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498229; x=1685034229; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=lR018pcU6YfRK134xsagEBS8cuw1POLxWISxL8RXk1c=; b=PTqUtns/nBlv9QdmIXdSkU2/Xg1pG/rIjFr2PylXXYQB8KmI1Wj3pxyZ qja7XwJ38+2klXILM7waOjD0EYmGQUfxTwl76aETLvXmlI1F5OUjCKEOz Q6EpBSjYebk4QWadEsHCBKJzlMLf3Jqr/++0t2MebWWk7X3fySIxQLGIe PSo72H1/YS4yAlijtSkjIXIBeGO7W7oy3mJFumF0d+9shKtfmlD4fYSgx 0LLPD7TJGg4n6vpqmg9+j/VwNnp0DOsJhEHqdJiXdwtD+KFSsEBgDOUUV xzkxIWsTDZEsSOuypIshzf0hYtVfS3MpPMfwB3poEn5Wssh3jo8YGnhw9 A==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596250" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596250" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:17 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502333" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:15 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 05/14] cryptodev: clarify usage of private key in dh Date: Wed, 25 May 2022 16:53:15 +0100 Message-Id: <20220525155324.9288-6-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Clarified usage of private key in Diffie-Hellman. CSRNG capable device should generate private key and then use it for public key generation. Signed-off-by: Arek Kusztal Acked-by: Akhil Goyal --- lib/cryptodev/rte_crypto_asym.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index ef8686fda8..1a77a74478 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -394,6 +394,11 @@ struct rte_crypto_dh_op_param { * Input - private key, when xform type is one of: * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. + * + * In case priv_key.length is 0 and xform type is set with + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, CSRNG capable + * device will generate private key and use it for public + * key generation. */ rte_crypto_uint shared_secret; From patchwork Wed May 25 15:53:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111830 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 207BCA0555; Wed, 25 May 2022 19:04:01 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DD79F4067B; Wed, 25 May 2022 19:03:57 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 3348240143 for ; Wed, 25 May 2022 19:03:56 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498236; x=1685034236; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=62ZOVyOTA1B9RYGUM9mrmcyIHTBdTGZ6WoLua6BkrYQ=; b=POBpiFspd7k0kzH8rM1T4/dKGR2nJnphGDi/VGBCL4EURmCRXfPcBqP6 fNu0Ch99akSp6lmntUNsi+2aLt4yQrOLE873UECCLb5SjoW9SxALdc1BU 6sMl0GxkswXxwuct8/rdMrlyqGv3+aJ3OeBSBcnFvWwyRfT44FwIUuAVn p5vS9vxCl3LA30EBkyyeHaB7ASN6Yvk2znO933fh9UWuVrZibYNsGuUBM 1OlNvdVgyPLVcJvvry77tjlCWPO0bPkqQoMddaunBxMu/gUKGjVdT49kB vTcC9RHEtWvWSXeN4qR5rhNe/53eJe4BU4/8ESf/GCV5vTDQtwRAYpq/V A==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596297" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596297" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:19 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502344" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:17 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 06/14] cryptodev: move dh type from xform to dh op Date: Wed, 25 May 2022 16:53:16 +0100 Message-Id: <20220525155324.9288-7-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Moved dh operation type to dh operation struct. Operation type (PUBLIC_KEY_GENERATION, SHARED_SECRET) should be free to choose for any operation. One xform/session should be enough to perform both DH operations, if op_type would be xform member, session would have to be to be created twice for the same group. Similar problem would be observed in sessionless case. Additionally, it will help extend DH to support Elliptic Curves. - Changed order of Diffie-Hellman operation phases. Now it corresponds with the order of operations. Signed-off-by: Arek Kusztal Acked-by: Akhil Goyal --- app/test/test_cryptodev_asym.c | 11 +++++------ drivers/crypto/openssl/rte_openssl_pmd.c | 15 ++++++--------- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 27 --------------------------- lib/cryptodev/rte_crypto_asym.h | 22 ++++++++++------------ 4 files changed, 21 insertions(+), 54 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 1b77aa2b6a..a151051165 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -1062,8 +1062,8 @@ test_dh_gen_shared_sec(struct rte_crypto_asym_xform *xfrm) asym_op = op->asym; /* Setup a xform and op to generate private key only */ - xform.dh.type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE; xform.next = NULL; + asym_op->dh.op_type = RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE; asym_op->dh.priv_key.data = dh_test_params.priv_key.data; asym_op->dh.priv_key.length = dh_test_params.priv_key.length; asym_op->dh.pub_key.data = (uint8_t *)peer; @@ -1144,8 +1144,8 @@ test_dh_gen_priv_key(struct rte_crypto_asym_xform *xfrm) asym_op = op->asym; /* Setup a xform and op to generate private key only */ - xform.dh.type = RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE; xform.next = NULL; + asym_op->dh.op_type = RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE; asym_op->dh.priv_key.data = output; asym_op->dh.priv_key.length = sizeof(output); @@ -1227,9 +1227,9 @@ test_dh_gen_pub_key(struct rte_crypto_asym_xform *xfrm) * using test private key * */ - xform.dh.type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE; xform.next = NULL; + asym_op->dh.op_type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE; asym_op->dh.pub_key.data = output; asym_op->dh.pub_key.length = sizeof(output); /* load pre-defined private key */ @@ -1318,15 +1318,14 @@ test_dh_gen_kp(struct rte_crypto_asym_xform *xfrm) * private key first followed by * public key */ - xform.dh.type = RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE; pub_key_xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH; - pub_key_xform.dh.type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE; xform.next = &pub_key_xform; + asym_op->dh.op_type = RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE; asym_op->dh.pub_key.data = out_pub_key; asym_op->dh.pub_key.length = sizeof(out_pub_key); asym_op->dh.priv_key.data = out_prv_key; - asym_op->dh.priv_key.length = sizeof(out_prv_key); + asym_op->dh.priv_key.length = 0; ret = rte_cryptodev_asym_session_create(dev_id, &xform, sess_mpool, &sess); if (ret < 0) { diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 2a3930df0a..4e11770864 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1692,12 +1692,12 @@ process_openssl_dh_op(struct rte_crypto_op *cop, struct openssl_asym_session *sess) { struct rte_crypto_dh_op_param *op = &cop->asym->dh; + struct rte_crypto_asym_op *asym_op = cop->asym; DH *dh_key = sess->u.dh.dh_key; BIGNUM *priv_key = NULL; int ret = 0; - if (sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE)) { + if (asym_op->dh.op_type == RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE) { /* compute shared secret using peer public key * and current private key * shared secret = peer_key ^ priv_key mod p @@ -1753,10 +1753,8 @@ process_openssl_dh_op(struct rte_crypto_op *cop, * if user provides private key, * then first set DH with user provided private key */ - if ((sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE)) && - !(sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE))) { + if (asym_op->dh.op_type == RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE && + op->priv_key.length) { /* generate public key using user-provided private key * pub_key = g ^ priv_key mod p */ @@ -1790,7 +1788,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, return 0; } - if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE)) { + if (asym_op->dh.op_type == RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE) { const BIGNUM *pub_key = NULL; OPENSSL_LOG(DEBUG, "%s:%d update public key\n", @@ -1804,8 +1802,7 @@ process_openssl_dh_op(struct rte_crypto_op *cop, op->pub_key.data); } - if (sess->u.dh.key_op & - (1 << RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE)) { + if (asym_op->dh.op_type == RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) { const BIGNUM *priv_key = NULL; OPENSSL_LOG(DEBUG, "%s:%d updated priv key\n", diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index c975ef640a..16ec5e15eb 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -999,33 +999,6 @@ static int openssl_set_asym_session_parameters( DH_free(dh); goto err_dh; } - - /* - * setup xfrom for - * public key generate, or - * DH Priv key generate, or both - * public and private key generate - */ - asym_session->u.dh.key_op = (1 << xform->dh.type); - - if (xform->dh.type == - RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE) { - /* check if next is pubkey */ - if ((xform->next != NULL) && - (xform->next->xform_type == - RTE_CRYPTO_ASYM_XFORM_DH) && - (xform->next->dh.type == - RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE) - ) { - /* - * setup op as pub/priv key - * pair generationi - */ - asym_session->u.dh.key_op |= - (1 << - RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE); - } - } asym_session->u.dh.dh_key = dh; asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH; break; diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 1a77a74478..ffb0e8ed17 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -248,8 +248,6 @@ struct rte_crypto_modinv_xform { * */ struct rte_crypto_dh_xform { - enum rte_crypto_asym_ke_type type; - /**< Setup xform for key generate or shared secret compute */ rte_crypto_uint p; /**< Prime modulus data */ rte_crypto_uint g; @@ -377,15 +375,8 @@ struct rte_crypto_rsa_op_param { * @note: */ struct rte_crypto_dh_op_param { - rte_crypto_uint pub_key; - /**< - * Output - generated public key, when xform type is - * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE. - * - * Input - peer's public key, when xform type is - * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. - */ - + enum rte_crypto_asym_ke_type op_type; + /**< Key exchange operation type */ rte_crypto_uint priv_key; /**< * Output - generated private key, when xform type is @@ -400,7 +391,14 @@ struct rte_crypto_dh_op_param { * device will generate private key and use it for public * key generation. */ - + rte_crypto_uint pub_key; + /**< + * Output - generated public key, when xform type is + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE. + * + * Input - peer's public key, when xform type is + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. + */ rte_crypto_uint shared_secret; /**< * Output - calculated shared secret when xform type is From patchwork Wed May 25 15:53:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111831 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 95E04A0555; Wed, 25 May 2022 19:04:08 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0BDAE40151; Wed, 25 May 2022 19:04:05 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id A6E2D40143 for ; Wed, 25 May 2022 19:04:03 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498243; x=1685034243; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=KTBPe5IfrIpntqSCc+CcQf/Sy8bTH/+qrtcnxf3NYEE=; b=Fnf2szM43KQgwSZPN+9bTM8Zbf7kcdiB4hWi5eer5vcRBAdTi6s3xp9x O2l5CFJ2rxuNtd37Y6hko8ygWCGyrK7taDbKxhoPnOaWJf123bFpXeoaG Ia9Jolcw3wZ3+/WelJNezSTZt1EYnOGKgiAVjqMCYvd/os0Jr0x+lIiW8 3/j31ZeYV3aIPaBtyrFG9C6Ypr6LmKyxvykYa5EQVQ4LkM4GEfJwGo/bC +WSuVpqTX4EdjbiJxtlUL/Z6b9hcARRToszAwN5AzrCxae7IMKGKh8RLk z75dOfpTtGjxuxaZxfY/LxsEDOuwKPQsk5/YQJJFlAXvhgvHz2tNSBAiu Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596347" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596347" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502358" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:19 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 07/14] cryptodev: add elliptic curve diffie hellman Date: Wed, 25 May 2022 16:53:17 +0100 Message-Id: <20220525155324.9288-8-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Added elliptic curve Diffie-Hellman parameters. Point multiplication allows the user to process every phase of ECDH, but for phase 1, user should not really care about the generator. The user does not even need to know what the generator looks like, therefore setting ec xform would make this work. Signed-off-by: Arek Kusztal --- lib/cryptodev/rte_crypto_asym.h | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index ffb0e8ed17..0dab7c0593 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -112,6 +112,8 @@ enum rte_crypto_asym_xform_type { /**< Elliptic Curve Digital Signature Algorithm */ RTE_CRYPTO_ASYM_XFORM_ECPM, /**< Elliptic Curve Point Multiplication */ + RTE_CRYPTO_ASYM_XFORM_ECDH, + /**< Elliptic Curve Diffie Hellman */ RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END /**< End of list */ }; @@ -407,6 +409,42 @@ struct rte_crypto_dh_op_param { }; /** + * Elliptic Curve Diffie-Hellman Operations params. + * @note: + */ +struct rte_crypto_ecdh_op_param { + enum rte_crypto_asym_ke_type op_type; + /**< Key exchange operation type */ + rte_crypto_uint priv_key; + /**< + * Output - generated private key, when xform type is + * RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE. + * + * Input - private key, when xform type is one of: + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. + * + * In case priv_key.length is 0 and xform type is set with + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, CSRNG capable + * device will generate private key and use it for public + * key generation. + */ + struct rte_crypto_ec_point pub_key; + /**< + * Output - generated public key, when xform type is + * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE. + * + * Input - peer's public key, when xform type is + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. + */ + struct rte_crypto_ec_point shared_secret; + /**< + * Output - calculated shared secret when xform type is + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. + */ +}; + +/** * DSA Operations params * */ From patchwork Wed May 25 15:53:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111832 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A0400A0555; Wed, 25 May 2022 19:04:16 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id F18BF427F3; Wed, 25 May 2022 19:04:14 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 38512427F0 for ; Wed, 25 May 2022 19:04:13 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498253; x=1685034253; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=ubCwdFNUCU8GLV2Clz1j1YjWgs6YMm9udHisw2OYLx0=; b=InRQmFYx2SSwMrLrq/JyoJAkcLmsC3798PgB914kN8v5Z4Z6x5J/jzVA 41jKR4jrRyanaJEXWUyiTS4q9CEPsjcjoJRdNs1TD19dftkXOs8z2NMRo cVqYyIpvfQZecJn/fid82KWfX0jTSa9uHISFdqgJJJpzZzdpzw9FqSsRr OZGZy5LRRlMh/BmL49WIAm9pU2UX6WzoVqmNS5YapU7yyzMqpzAaOyXpB Th6Cu+KZjepCW/eEd6RTSmR3SX+ivxjsrk3+eFaUkBBPuMOQXojn9kVXp eEwe7+9DG3DKXVQk6FZrTScpNIGLPXsbAFqq4BTf3ZPyPLaCkhjw9acZg Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596388" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596388" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:22 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502375" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:21 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 08/14] cryptodev: add public key verify option Date: Wed, 25 May 2022 16:53:18 +0100 Message-Id: <20220525155324.9288-9-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Added key exchange public key verify option. For some elliptic curves public point in DH exchange needs to be checked, if it lays on the curve. Modular exponentiation needs certain checks as well, though mathematically much easier. This commit adds verify option to asym_op operations. Signed-off-by: Arek Kusztal --- lib/cryptodev/rte_crypto_asym.h | 9 ++++++--- lib/cryptodev/rte_cryptodev.c | 3 ++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 0dab7c0593..3eafaecbbe 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -141,8 +141,10 @@ enum rte_crypto_asym_ke_type { /**< Private Key generation operation */ RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE, /**< Public Key generation operation */ - RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE + RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE, /**< Shared Secret compute operation */ + RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY, + /**< Public Key Verification */ }; /** @@ -434,8 +436,9 @@ struct rte_crypto_ecdh_op_param { * Output - generated public key, when xform type is * RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE. * - * Input - peer's public key, when xform type is - * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE. + * Input - peer's public key, when xform type is one of: + * RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE, + * RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY. */ struct rte_crypto_ec_point shared_secret; /**< diff --git a/lib/cryptodev/rte_cryptodev.c b/lib/cryptodev/rte_cryptodev.c index af58f49d07..57ee6b3f07 100644 --- a/lib/cryptodev/rte_cryptodev.c +++ b/lib/cryptodev/rte_cryptodev.c @@ -185,7 +185,8 @@ const char *rte_crypto_asym_op_strings[] = { const char *rte_crypto_asym_ke_strings[] = { [RTE_CRYPTO_ASYM_KE_PRIVATE_KEY_GENERATE] = "priv_key_generate", [RTE_CRYPTO_ASYM_KE_PUBLIC_KEY_GENERATE] = "pub_key_generate", - [RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute" + [RTE_CRYPTO_ASYM_KE_SHARED_SECRET_COMPUTE] = "sharedsecret_compute", + [RTE_CRYPTO_ASYM_KE_EC_PUBLIC_KEY_VERIFY] = "pub_ec_key_verify" }; /** From patchwork Wed May 25 15:53:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111833 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3C3F1A0555; Wed, 25 May 2022 19:04:25 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 01A7642B75; Wed, 25 May 2022 19:04:20 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 5F9CD4281B for ; Wed, 25 May 2022 19:04:18 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498258; x=1685034258; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=jnBUoqg83LUVjoejJBLBna+SguSLOuLWIeDdo9yGuK0=; b=inKzywviiTtGIP3pYvG6CWO1HgNrpYtIXqiA79iJ8VK9Wktqtz+Br+q1 queIqJcmZ5a7ShLG/bqOUywQu2KxUs8VmGIFg0Xl2Pdbh8jDqvDbvFBao nahV1JL1qMxDkjZOaXD3G5WqiHyCPO7rvbnhu0GJzbpFDd84ZkLFpQOgI 6sVlauz+KCEGrQt7plb0biS0ujhgH0zHsC4kW2UGGVgOv0lEOEHWKDRmA bKVW/oDxJ6VpTkwy7BnmH9e7Rgg/4d7CMdaU/zIk8uXT4nMdWQI/XW11K OrxFASBR1lglj4byl+ns8S0xYdV9IwNPAS3M0tVDhJQg5w7fF3/KX2uBR Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596433" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596433" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:24 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502391" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:23 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 09/14] cryptodev: add asym op flags Date: Wed, 25 May 2022 16:53:19 +0100 Message-Id: <20220525155324.9288-10-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Added flags to rte_crypto_asym_op struct. It may be shared between different algorithms. - Added Diffie-Hellman padding flags. Diffie-Hellman padding is used in certain protocols, in others, leading zero bytes need to be stripped. Even same protocol may use a different approach - most glaring example is TLS1.2 - TLS1.3. For ease of use, and to avoid additional copy on certain occasions, driver should be able to return both. Signed-off-by: Arek Kusztal --- lib/cryptodev/rte_crypto_asym.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 3eafaecbbe..1a57c0c532 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -75,6 +75,19 @@ struct rte_crypto_ec_point { /**< Y coordinate */ }; +#define RTE_CRYPTO_ASYM_FLAG_PUB_KEY_NO_PADDING RTE_BIT32(0) +/**< + * If set to 1 - public key will be returned + * without leading zero bytes, otherwise it will be + * padded to the left with zero bytes (default) + */ +#define RTE_CRYPTO_ASYM_FLAG_SHARED_KEY_NO_PADDING RTE_BIT32(1) +/**< + * If set to 1 - shared key will be returned + * without leading zero bytes, otherwise it will be + * padded to the left with zero bytes (default) + */ + /** * List of elliptic curves. This enum aligns with * TLS "Supported Groups" registry (previously known as @@ -589,6 +602,8 @@ struct rte_crypto_asym_op { struct rte_crypto_ecdsa_op_param ecdsa; struct rte_crypto_ecpm_op_param ecpm; }; + uint16_t flags; + /**< Asymmetric crypto operation flags */ }; #ifdef __cplusplus From patchwork Wed May 25 15:53:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111834 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1D8F0A0555; Wed, 25 May 2022 19:04:35 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 290724280B; Wed, 25 May 2022 19:04:31 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 2169142B8C for ; Wed, 25 May 2022 19:04:28 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498269; x=1685034269; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=Am5cbHZp/SPLr8fG/XtcskTmKvyvzBkhypk5392INIk=; b=TjcvSBidXVGn4d8fC6WKO8FGp+DR3QPZAI8TfTyfS4im7wtGRIm6YdJ7 mlvi2PMSfOtk9LiRr0peRcx8/21cesn2xYk+Pom/S+V3dx7CHbd2B/mJM XApxSvjIfVrbvf2vSKoOAuLSIXIUodl8vIlhe7fgQ9CHw8Z7m/Mr5viOB pV5a0+ibPi/zxmHYNXLB20jjUh3v1DRGjnQCOafA+TH4IYo3jdVkEg1Zx 2JTryZCkp5SJPQSeoLwbRO9bkF1ZzfW/lXCE+mtpAlP0RculGxDAAad3X sR7LUbBtuATf1AzM/6p2vuFUpnBjRzuIeKkOXfqUvSr8zy4ADsz+cH7Gh A==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596483" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596483" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:26 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502403" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:25 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 10/14] cryptodev: clarify usage of rsa padding hash Date: Wed, 25 May 2022 16:53:20 +0100 Message-Id: <20220525155324.9288-11-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Clarified usage of RSA padding hash. It was not specified how to use hash for PKCS1_5 padding. This could lead to incorrect implementation. Signed-off-by: Arek Kusztal --- lib/cryptodev/rte_crypto_asym.h | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 1a57c0c532..1758aaa875 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -371,10 +371,27 @@ struct rte_crypto_rsa_op_param { /**< RSA padding scheme to be used for transform */ enum rte_crypto_auth_algorithm md; - /**< Hash algorithm to be used for data hash if padding - * scheme is either OAEP or PSS. Valid hash algorithms - * are: - * MD5, SHA1, SHA224, SHA256, SHA384, SHA512 + /**< + * RSA padding hash function + * + * When a specific padding type is selected, the following rule apply: + * - RTE_CRYPTO_RSA_PADDING_NONE: + * This field is ignored by the PMD + * + * - RTE_CRYPTO_RSA_PADDING_PKCS1_5: + * When signing operation this field is used to determine value + * of the DigestInfo structure, therefore specifying which algorithm + * was used to create the message digest. + * When doing encryption/decryption this field is ignored for this + * padding type. + * + * - RTE_CRYPTO_RSA_PADDING_OAEP + * This field shall be set with the hash algorithm used + * in the padding scheme + * + * - RTE_CRYPTO_RSA_PADDING_PSS + * This field shall be set with the hash algorithm used + * in the padding scheme (and to create the input message digest) */ enum rte_crypto_auth_algorithm mgf1md; From patchwork Wed May 25 15:53:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111835 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3A7D0A0555; Wed, 25 May 2022 19:04:45 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5A3DE4067B; Wed, 25 May 2022 19:04:43 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 2B23540143 for ; Wed, 25 May 2022 19:04:40 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498281; x=1685034281; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=1BrXpXWqaB4hWa/2ISNGOHUl48hTlAXLgfRq51t/bS8=; b=DZvFfg+CjJSpgUfkgpKaSpoPNmbYv+XdQzrWZK2p/WLHVRjs1oDFpp64 OIN4P5r05qiUjo+93AjMWvgGoZrvG7x1iRpOBu8WxfH0OSFvFjKLVQXh7 GY4gmsu/AxWk2tq6ivHn6gJTW8zVdbNVGg9SsaqdLta78FxKTdoEwZV0c i3sgklwhovj5CbcUPxVAZvtk9ZoZgwdNRXYt6YYY3RH+0q945hha/BpTr ZLUoaZPoU5ENt16mGTf23fLT26GtS+FxzZ1Lbjtz6yGFBFwjhmS5wJxUj P4bKs8DwIFW54dTIcghHl8rMqSsf/HbvA4GNg6sP9cNBSgdpwFtNVJu+J Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596542" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596542" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502415" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:27 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 11/14] cryptodev: move RSA padding into separate struct Date: Wed, 25 May 2022 16:53:21 +0100 Message-Id: <20220525155324.9288-12-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - move RSA padding into separate struct. More padding members should be added into padding, therefore having separate struct for padding parameters will make this more readable. Signed-off-by: Arek Kusztal --- app/test/test_cryptodev_asym.c | 10 ++-- drivers/common/cpt/cpt_ucode_asym.h | 4 +- drivers/crypto/cnxk/cnxk_ae.h | 8 +-- drivers/crypto/octeontx/otx_cryptodev_ops.c | 4 +- drivers/crypto/openssl/rte_openssl_pmd.c | 2 +- drivers/crypto/qat/qat_asym.c | 12 ++--- lib/cryptodev/rte_crypto_asym.h | 76 ++++++++++++++++------------- 7 files changed, 61 insertions(+), 55 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index a151051165..072dbb30f4 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -94,7 +94,7 @@ queue_ops_rsa_sign_verify(void *sess) asym_op->rsa.message.length = rsaplaintext.len; asym_op->rsa.sign.length = 0; asym_op->rsa.sign.data = output_buf; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; + asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5; debug_hexdump(stdout, "message", asym_op->rsa.message.data, asym_op->rsa.message.length); @@ -126,7 +126,7 @@ queue_ops_rsa_sign_verify(void *sess) /* Verify sign */ asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; + asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5; /* Process crypto operation */ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -185,7 +185,7 @@ queue_ops_rsa_enc_dec(void *sess) asym_op->rsa.cipher.data = cipher_buf; asym_op->rsa.cipher.length = 0; asym_op->rsa.message.length = rsaplaintext.len; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; + asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5; debug_hexdump(stdout, "message", asym_op->rsa.message.data, asym_op->rsa.message.length); @@ -217,7 +217,7 @@ queue_ops_rsa_enc_dec(void *sess) asym_op = result_op->asym; asym_op->rsa.message.length = 0; asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; + asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5; /* Process crypto operation */ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -413,7 +413,7 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params, } xform_tc.rsa.key_type = key_type; - op->asym->rsa.pad = data_tc->rsa_data.padding; + op->asym->rsa.padding.type = data_tc->rsa_data.padding; if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) { asym_op->rsa.message.data = data_tc->rsa_data.pt.data; diff --git a/drivers/common/cpt/cpt_ucode_asym.h b/drivers/common/cpt/cpt_ucode_asym.h index f5d91f2583..1105a0c125 100644 --- a/drivers/common/cpt/cpt_ucode_asym.h +++ b/drivers/common/cpt/cpt_ucode_asym.h @@ -327,7 +327,7 @@ cpt_rsa_prep(struct asym_op_params *rsa_params, /* Result buffer */ rlen = mod_len; - if (rsa_op.pad == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /* Use mod_exp operation for no_padding type */ vq_cmd_w0.s.opcode.minor = CPT_MINOR_OP_MODEX; vq_cmd_w0.s.param2 = exp_len; @@ -412,7 +412,7 @@ cpt_rsa_crt_prep(struct asym_op_params *rsa_params, /* Result buffer */ rlen = mod_len; - if (rsa_op.pad == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /*Use mod_exp operation for no_padding type */ vq_cmd_w0.s.opcode.minor = CPT_MINOR_OP_MODEX_CRT; } else { diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h index 10854c79c8..0562f72270 100644 --- a/drivers/crypto/cnxk/cnxk_ae.h +++ b/drivers/crypto/cnxk/cnxk_ae.h @@ -288,7 +288,7 @@ cnxk_ae_rsa_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf, dptr += in_size; dlen = total_key_len + in_size; - if (rsa_op.pad == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /* Use mod_exp operation for no_padding type */ w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX; w4.s.param2 = exp_len; @@ -347,7 +347,7 @@ cnxk_ae_rsa_crt_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf, dptr += in_size; dlen = total_key_len + in_size; - if (rsa_op.pad == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /*Use mod_exp operation for no_padding type */ w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX_CRT; } else { @@ -675,7 +675,7 @@ cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop, uint8_t *rptr, memcpy(rsa->cipher.data, rptr, rsa->cipher.length); break; case RTE_CRYPTO_ASYM_OP_DECRYPT: - if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { rsa->message.length = rsa_ctx->n.length; memcpy(rsa->message.data, rptr, rsa->message.length); } else { @@ -695,7 +695,7 @@ cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop, uint8_t *rptr, memcpy(rsa->sign.data, rptr, rsa->sign.length); break; case RTE_CRYPTO_ASYM_OP_VERIFY: - if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { rsa->sign.length = rsa_ctx->n.length; memcpy(rsa->sign.data, rptr, rsa->sign.length); } else { diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c index d5851d9987..914b17decf 100644 --- a/drivers/crypto/octeontx/otx_cryptodev_ops.c +++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c @@ -736,7 +736,7 @@ otx_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct cpt_request_info *req, memcpy(rsa->cipher.data, req->rptr, rsa->cipher.length); break; case RTE_CRYPTO_ASYM_OP_DECRYPT: - if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE) + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) rsa->message.length = rsa_ctx->n.length; else { /* Get length of decrypted output */ @@ -753,7 +753,7 @@ otx_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct cpt_request_info *req, memcpy(rsa->sign.data, req->rptr, rsa->sign.length); break; case RTE_CRYPTO_ASYM_OP_VERIFY: - if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE) + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) rsa->sign.length = rsa_ctx->n.length; else { /* Get length of decrypted output */ diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 4e11770864..0aa988d167 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1894,7 +1894,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, int ret = 0; struct rte_crypto_asym_op *op = cop->asym; RSA *rsa = sess->u.r.rsa; - uint32_t pad = (op->rsa.pad); + uint32_t pad = (op->rsa.padding.type); uint8_t *tmp; cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c index 479d5308cf..5dd355d007 100644 --- a/drivers/crypto/qat/qat_asym.c +++ b/drivers/crypto/qat/qat_asym.c @@ -345,7 +345,7 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op, alg_bytesize = qat_function.bytesize; if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) { - switch (asym_op->rsa.pad) { + switch (asym_op->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: SET_PKE_LN(cookie->input_array, asym_op->rsa.message, alg_bytesize, 0); @@ -358,7 +358,7 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op, } HEXDUMP("RSA Message", cookie->input_array[0], alg_bytesize); } else { - switch (asym_op->rsa.pad) { + switch (asym_op->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: SET_PKE_LN(cookie->input_array, asym_op->rsa.sign, alg_bytesize, 0); @@ -454,7 +454,7 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op, if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) { - switch (asym_op->rsa.pad) { + switch (asym_op->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: SET_PKE_LN(cookie->input_array, asym_op->rsa.cipher, alg_bytesize, 0); @@ -469,7 +469,7 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op, } else if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) { - switch (asym_op->rsa.pad) { + switch (asym_op->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: SET_PKE_LN(cookie->input_array, asym_op->rsa.message, alg_bytesize, 0); @@ -529,7 +529,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op, } else { uint8_t *rsa_result = asym_op->rsa.cipher.data; - switch (asym_op->rsa.pad) { + switch (asym_op->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: rte_memcpy(rsa_result, cookie->output_array[0], @@ -547,7 +547,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op, if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) { uint8_t *rsa_result = asym_op->rsa.message.data; - switch (asym_op->rsa.pad) { + switch (asym_op->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: rte_memcpy(rsa_result, cookie->output_array[0], diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 1758aaa875..ee0988d3cf 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -212,6 +212,45 @@ struct rte_crypto_rsa_priv_key_qt { }; /** + * RSA padding type + */ +struct rte_crypto_rsa_padding { + enum rte_crypto_rsa_padding_type type; + /**< RSA padding scheme to be used for transform */ + enum rte_crypto_auth_algorithm md; + /**< + * RSA padding hash function + * + * When a specific padding type is selected, the following rule apply: + * - RTE_CRYPTO_RSA_PADDING_NONE: + * This field is ignored by the PMD + * + * - RTE_CRYPTO_RSA_PADDING_PKCS1_5: + * When signing operation this field is used to determine value + * of the DigestInfo structure, therefore specifying which algorithm + * was used to create the message digest. + * When doing encryption/decryption this field is ignored for this + * padding type. + * + * - RTE_CRYPTO_RSA_PADDING_OAEP + * This field shall be set with the hash algorithm used + * in the padding scheme + * + * - RTE_CRYPTO_RSA_PADDING_PSS + * This field shall be set with the hash algorithm used + * in the padding scheme (and to create the input message digest) + */ + enum rte_crypto_auth_algorithm mgf1md; + /**< + * Hash algorithm to be used for mask generation if + * padding scheme is either OAEP or PSS. If padding + * scheme is unspecified data hash algorithm is used + * for mask generation. Valid hash algorithms are: + * MD5, SHA1, SHA224, SHA256, SHA384, SHA512 + */ +}; + +/** * Asymmetric RSA transform data * * Structure describing RSA xform params @@ -367,41 +406,8 @@ struct rte_crypto_rsa_op_param { * All data is in Octet-string network byte order format. */ - enum rte_crypto_rsa_padding_type pad; - /**< RSA padding scheme to be used for transform */ - - enum rte_crypto_auth_algorithm md; - /**< - * RSA padding hash function - * - * When a specific padding type is selected, the following rule apply: - * - RTE_CRYPTO_RSA_PADDING_NONE: - * This field is ignored by the PMD - * - * - RTE_CRYPTO_RSA_PADDING_PKCS1_5: - * When signing operation this field is used to determine value - * of the DigestInfo structure, therefore specifying which algorithm - * was used to create the message digest. - * When doing encryption/decryption this field is ignored for this - * padding type. - * - * - RTE_CRYPTO_RSA_PADDING_OAEP - * This field shall be set with the hash algorithm used - * in the padding scheme - * - * - RTE_CRYPTO_RSA_PADDING_PSS - * This field shall be set with the hash algorithm used - * in the padding scheme (and to create the input message digest) - */ - - enum rte_crypto_auth_algorithm mgf1md; - /**< - * Hash algorithm to be used for mask generation if - * padding scheme is either OAEP or PSS. If padding - * scheme is unspecified data hash algorithm is used - * for mask generation. Valid hash algorithms are: - * MD5, SHA1, SHA224, SHA256, SHA384, SHA512 - */ + struct rte_crypto_rsa_padding padding; + /**< RSA padding information */ }; /** From patchwork Wed May 25 15:53:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111836 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D78C6A0555; Wed, 25 May 2022 19:04:53 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 410624281B; Wed, 25 May 2022 19:04:48 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 95D6340143 for ; Wed, 25 May 2022 19:04:45 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498286; x=1685034286; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=QyPgn3aDlbzkqiWt7OJw5WHwt9DuWABqy2trNnEMp+Q=; b=Z8gZQHD4LpiTseU6dyVxYIN944qZR8L7e56kHcBLHMten42loJBCpRlL ctxoh1FNa2tpfUYVbpSr5tMPALWDYtLPJnm9DEJTA+bzJyLXvijGadlV/ WMr4btu0NmoLpCjzvqjjl0MIVL/Crstpl+5h0vlCJpOGbkjbVYZ1BaIz5 2iZcHkjqsfsOkMq98mduEqmZueXTZ92kP6HqG9LebSEJb1n2PJ3ugpC7Q 1cL+OFWX0Gajl8C1R+GVy+KX2VnJ5MT5RdiksNl40tXVoA1uOqP2wMT/e 3513pTxD+LHBBrhex6AdTUmkzdLnh22VYkVsyZHsDjGtDf3CWnTHRmnP7 g==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596590" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596590" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:30 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502427" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:29 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 12/14] cryptodev: clarify rsa verify with none padding Date: Wed, 25 May 2022 16:53:22 +0100 Message-Id: <20220525155324.9288-13-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Clarified where should output be stored of signature decryption with padding none. PMD is not able to know what padding algorithm was used, therefore decrypted signature should be returned to the user. Signed-off-by: Arek Kusztal --- lib/cryptodev/rte_crypto_asym.h | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index ee0988d3cf..9f7fba3758 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -372,8 +372,6 @@ struct rte_crypto_rsa_op_param { * (i.e. must be at least RSA key size). The message.length * field should be 0 and will be overwritten by the PMD * with the decrypted length. - * - * All data is in Octet-string network byte order format. */ rte_crypto_param cipher; @@ -388,7 +386,8 @@ struct rte_crypto_rsa_op_param { * at least RSA key size). The cipher.length field should * be 0 and will be overwritten by the PMD with the encrypted length. * - * All data is in Octet-string network byte order format. + * When RTE_CRYPTO_RSA_PADDING_NONE and RTE_CRYPTO_ASYM_OP_VERIFY + * selected, this is an output of decrypted signature. */ rte_crypto_param sign; @@ -402,8 +401,6 @@ struct rte_crypto_rsa_op_param { * with enough memory to hold signature output (i.e. must be * at least RSA key size). The sign.length field should * be 0 and will be overwritten by the PMD with the signature length. - * - * All data is in Octet-string network byte order format. */ struct rte_crypto_rsa_padding padding; From patchwork Wed May 25 15:53:23 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111837 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 09F76A0555; Wed, 25 May 2022 19:05:01 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 12A0B4280B; Wed, 25 May 2022 19:04:58 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 745144280B for ; Wed, 25 May 2022 19:04:56 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498296; x=1685034296; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=mL1Oh0jDs4vDv1D69q6C2dUJ5DxdW/E/+JLhebzTdrc=; b=MMiZ0rvigvTfep2JO3R33S9iLr8P3Kygsj4WpmW7N62DHTNZcdNPdM5f zSpz0ie6xvHDPB4WMg3KlUf6Wjc4KUgQea+QbbbjBEvGcxOR5eT2AZEDT KXdORk4xsKgtbbh3Z3hFs8sKEDkID7yfm9RRCZL2WPnaonssUdMbJ9BmH lCi9tHcMfTJiXztAw3ssa6N5lTewkBxUnhGROMdRBlg1MCpL/rpFlS/Fi 6VB+gCcntL/3Aeu4vbrHPtID+U0IS6MrXc0fxEs+VqRebXkzYsMbiGKrH lcxYzF9+HwQqw12jqAK76VhOUvjgj/+i/Y7JU1Rr1WoUiPIPJjyOMvQgi A==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596648" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596648" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:32 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502442" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:31 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 13/14] cryptodev: add salt length and optional label Date: Wed, 25 May 2022 16:53:23 +0100 Message-Id: <20220525155324.9288-14-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Added salt length and optional label. Common parameters to PSS and OAEP padding for RSA. - Fixed hash API in RSA padding. Now it is specified how hash should be used with particular RSA padding modes. Signed-off-by: Arek Kusztal Acked-by: Akhil Goyal --- lib/cryptodev/rte_crypto_asym.h | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 9f7fba3758..d90a7a1957 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -217,7 +217,7 @@ struct rte_crypto_rsa_priv_key_qt { struct rte_crypto_rsa_padding { enum rte_crypto_rsa_padding_type type; /**< RSA padding scheme to be used for transform */ - enum rte_crypto_auth_algorithm md; + enum rte_crypto_auth_algorithm hash; /**< * RSA padding hash function * @@ -240,7 +240,7 @@ struct rte_crypto_rsa_padding { * This field shall be set with the hash algorithm used * in the padding scheme (and to create the input message digest) */ - enum rte_crypto_auth_algorithm mgf1md; + enum rte_crypto_auth_algorithm mgf1hash; /**< * Hash algorithm to be used for mask generation if * padding scheme is either OAEP or PSS. If padding @@ -248,6 +248,21 @@ struct rte_crypto_rsa_padding { * for mask generation. Valid hash algorithms are: * MD5, SHA1, SHA224, SHA256, SHA384, SHA512 */ + uint16_t pss_saltlen; + /**< + * RSA PSS padding salt length + * + * Used only when RTE_CRYPTO_RSA_PADDING_PSS padding is selected, + * otherwise ignored. + */ + rte_crypto_param oaep_label; + /**< + * RSA OAEP padding optional label + * + * Used only when RTE_CRYPTO_RSA_PADDING_OAEP padding is selected, + * otherwise ignored. If label.data == NULL, a default + * label (empty string) is used. + */ }; /** From patchwork Wed May 25 15:53:24 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arkadiusz Kusztal X-Patchwork-Id: 111838 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 14132A0555; Wed, 25 May 2022 19:05:13 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 0390F40E2D; Wed, 25 May 2022 19:05:13 +0200 (CEST) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mails.dpdk.org (Postfix) with ESMTP id 0799040151 for ; Wed, 25 May 2022 19:05:10 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1653498311; x=1685034311; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=h0aZ0OzjZnni2v3YKivOkEuo4tE4PZBVfV8sgen5HSI=; b=jWsp5/iO3M+6uljjaQUY/CidTh46zWaEAVIygfPcOE8URkYCU8wQ6WfK CNBew8nv4OfsqEdbn8ekNAJdmBlkqyEIADHzInECnNGAvfIhKAi/FRKiD BHL0fT8aK3CTvrtkhrnABW/6vZ+RQeWYjlWOKg/EGAeLgWWGbuZQo8kdM iIE8jalffTpcL+cYTEF+2VbxiWf5ImlCMxY13TS1WrqKb+6UI6KlKDZ+x zW6z2DMgVFBh0DnlbWsv8tCfJO0jVR1yHffdXLOz5xZ6qzPdL8j7yQaJT Jg2gU2B2t1cBSo5Yb7wQNn4V/Pjda0po9ExoIBseXTWCgOb4Ww5tboQrf Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10358"; a="273596702" X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="273596702" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 May 2022 10:01:34 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,250,1647327600"; d="scan'208";a="664502453" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by FMSMGA003.fm.intel.com with ESMTP; 25 May 2022 10:01:32 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v2 14/14] cryptodev: add asym algorithms capabilities Date: Wed, 25 May 2022 16:53:24 +0100 Message-Id: <20220525155324.9288-15-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> References: <20220525155324.9288-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - Added asymmetric crypto algorithm specific capability struct. Included fields like random number capability, padding flags etc. Signed-off-by: Arek Kusztal --- app/test-crypto-perf/main.c | 12 +- app/test-eventdev/test_perf_common.c | 2 +- app/test/test_cryptodev_asym.c | 210 +++++++++++++++++++++------ app/test/test_event_crypto_adapter.c | 16 +- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 128 +++++++--------- drivers/crypto/qat/dev/qat_asym_pmd_gen1.c | 68 +++++++-- lib/cryptodev/rte_crypto_asym.h | 48 ++++++ lib/cryptodev/rte_cryptodev.c | 80 +++++++++- lib/cryptodev/rte_cryptodev.h | 75 +++++++++- lib/cryptodev/version.map | 4 + 10 files changed, 495 insertions(+), 148 deletions(-) diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c index 17e30a8e74..f8a4c9cdcf 100644 --- a/app/test-crypto-perf/main.c +++ b/app/test-crypto-perf/main.c @@ -364,8 +364,8 @@ cperf_verify_devices_capabilities(struct cperf_options *opts, struct rte_cryptodev_sym_capability_idx cap_idx; const struct rte_cryptodev_symmetric_capability *capability; struct rte_cryptodev_asym_capability_idx asym_cap_idx; - const struct rte_cryptodev_asymmetric_xform_capability *asym_capability; - + const struct rte_cryptodev_asymmetric_capability *asym_capability; + struct rte_crypto_mod_capability mod_capa = {0}; uint8_t i, cdev_id; int ret; @@ -381,11 +381,11 @@ cperf_verify_devices_capabilities(struct cperf_options *opts, if (asym_capability == NULL) return -1; - ret = rte_cryptodev_asym_xform_capability_check_modlen( - asym_capability, opts->modex_data->modulus.len); - if (ret != 0) + mod_capa.max_mod_size = opts->modex_data->modulus.len; + ret = rte_cryptodev_capa_check_mod(asym_capability, + mod_capa); + if (ret == 0) return ret; - } if (opts->op_type == CPERF_AUTH_ONLY || diff --git a/app/test-eventdev/test_perf_common.c b/app/test-eventdev/test_perf_common.c index b41785492e..ac8e6410ab 100644 --- a/app/test-eventdev/test_perf_common.c +++ b/app/test-eventdev/test_perf_common.c @@ -846,7 +846,7 @@ cryptodev_sym_sess_create(struct prod_data *p, struct test_perf *t) static void * cryptodev_asym_sess_create(struct prod_data *p, struct test_perf *t) { - const struct rte_cryptodev_asymmetric_xform_capability *capability; + const struct rte_cryptodev_asymmetric_capability *capability; struct rte_cryptodev_asym_capability_idx cap_idx; struct rte_crypto_asym_xform xform; void *sess; diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 072dbb30f4..c531265642 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -311,10 +311,11 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params, struct rte_crypto_asym_xform xform_tc; void *sess = NULL; struct rte_cryptodev_asym_capability_idx cap_idx; - const struct rte_cryptodev_asymmetric_xform_capability *capability; + const struct rte_cryptodev_asymmetric_capability *capability; uint8_t dev_id = ts_params->valid_devs[0]; uint8_t input[TEST_DATA_SIZE] = {0}; uint8_t *result = NULL; + struct rte_crypto_mod_capability mod_capa = {0}; int ret, status = TEST_SUCCESS; @@ -358,8 +359,10 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params, asym_op->modex.base.length = data_tc->modex.base.len; asym_op->modex.result.data = result; asym_op->modex.result.length = data_tc->modex.result_len; - if (rte_cryptodev_asym_xform_capability_check_modlen(capability, - xform_tc.modex.modulus.length)) { + + mod_capa.max_mod_size = xform_tc.modex.modulus.length; + if (!rte_cryptodev_capa_check_mod(capability, + mod_capa)) { snprintf(test_msg, ASYM_TEST_MSG_LEN, "line %u " "FAILED: %s", __LINE__, @@ -378,8 +381,10 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params, asym_op->modinv.base.length = data_tc->modinv.base.len; asym_op->modinv.result.data = result; asym_op->modinv.result.length = data_tc->modinv.result_len; - if (rte_cryptodev_asym_xform_capability_check_modlen(capability, - xform_tc.modinv.modulus.length)) { + + mod_capa.max_mod_size = xform_tc.modinv.modulus.length; + if (!rte_cryptodev_capa_check_mod(capability, + mod_capa)) { snprintf(test_msg, ASYM_TEST_MSG_LEN, "line %u " "FAILED: %s", __LINE__, @@ -963,38 +968,100 @@ ut_teardown_asym(void) rte_cryptodev_stop(ts_params->valid_devs[0]); } -static inline void print_asym_capa( - const struct rte_cryptodev_asymmetric_xform_capability *capa) +static void +print_rsa_capability( + const struct rte_cryptodev_asymmetric_capability *capa) { int i = 0; + printf("\nSupported paddings:"); + for (; i < 32; i++) { + if (capa->rsa.padding & RTE_BIT32(i)) + printf("\n - %s", rte_crypto_asym_rsa_padding[i]); + } + printf("\nSupported hash functions:"); + for (i = 0; i < 32; i++) { + if (capa->rsa.hash & RTE_BIT32(i)) + printf("\n - %s", rte_crypto_auth_algorithm_strings[i]); + } + printf("\nMaximum key size: "); + if (capa->rsa.max_key_size == 0) + printf("Unlimited"); + else + printf("%hu", capa->rsa.max_key_size); +} + +static void +print_supported_curves(uint64_t curves) +{ + int i = 0; + + printf("\nSupported elliptic curves:"); + for (; i < 64; i++) { + if (curves & RTE_BIT64(i)) + printf("\n - %s", rte_crypto_curves_strings[i]); + } +} + +static inline void print_asym_capa( + const struct rte_cryptodev_asymmetric_capability *capa) +{ printf("\nxform type: %s\n===================\n", rte_crypto_asym_xform_strings[capa->xform_type]); - printf("operation supported -"); - for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) { - /* check supported operations */ - if (rte_cryptodev_asym_xform_capability_check_optype(capa, i)) - printf(" %s", - rte_crypto_asym_op_strings[i]); - } - switch (capa->xform_type) { - case RTE_CRYPTO_ASYM_XFORM_RSA: - case RTE_CRYPTO_ASYM_XFORM_MODINV: - case RTE_CRYPTO_ASYM_XFORM_MODEX: - case RTE_CRYPTO_ASYM_XFORM_DH: - case RTE_CRYPTO_ASYM_XFORM_DSA: - printf(" modlen: min %d max %d increment %d", - capa->modlen.min, - capa->modlen.max, - capa->modlen.increment); + switch (capa->xform_type) { + case RTE_CRYPTO_ASYM_XFORM_MODEX: + case RTE_CRYPTO_ASYM_XFORM_MODINV: + printf("Maximum size of modulus: "); + if (capa->mod.max_mod_size == 0) + printf("Unlimited"); + else + printf("%hu", capa->mod.max_mod_size); break; - case RTE_CRYPTO_ASYM_XFORM_ECDSA: - case RTE_CRYPTO_ASYM_XFORM_ECPM: - default: - break; - } - printf("\n"); + case RTE_CRYPTO_ASYM_XFORM_RSA: + print_rsa_capability(capa); + break; + case RTE_CRYPTO_ASYM_XFORM_DH: + printf("Maximum group size: "); + if (capa->dh.max_group_size == 0) + printf("Unlimited"); + else + printf("%hu", capa->dh.max_group_size); + printf("\nSupport for private key generation: "); + if (capa->dh.priv_key_gen) + printf("Yes"); + else + printf("No"); + break; + case RTE_CRYPTO_ASYM_XFORM_DSA: + printf("Maximum key size: "); + if (capa->dsa.max_key_size == 0) + printf("Unlimited"); + else + printf("%hu", capa->dsa.max_key_size); + printf("\nSupport for random 'k' generation: "); + if (capa->dsa.random_k) + printf("Yes"); + else + printf("No"); + break; + + break; + case RTE_CRYPTO_ASYM_XFORM_ECDSA: + print_supported_curves(capa->ecdsa.curves); + printf("\nSupport for random 'k' generation: "); + if (capa->ecdsa.random_k) + printf("Yes"); + else + printf("No"); + break; + case RTE_CRYPTO_ASYM_XFORM_ECPM: + print_supported_curves(capa->ecpm.curves); + break; + default: + break; + } + printf("\n"); } static int @@ -1006,7 +1073,7 @@ test_capability(void) const struct rte_cryptodev_capabilities *dev_capa; int i = 0; struct rte_cryptodev_asym_capability_idx idx; - const struct rte_cryptodev_asymmetric_xform_capability *capa; + const struct rte_cryptodev_asymmetric_capability *capa; rte_cryptodev_info_get(dev_id, &dev_info); if (!(dev_info.feature_flags & @@ -1023,7 +1090,7 @@ test_capability(void) dev_capa = &(dev_info.capabilities[i]); if (dev_info.capabilities[i].op == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) { - idx.type = dev_capa->asym.xform_capa.xform_type; + idx.type = dev_capa->asym.xform_type; capa = rte_cryptodev_asym_capability_get(dev_id, (const struct @@ -1386,10 +1453,11 @@ test_mod_inv(void) void *sess = NULL; int status = TEST_SUCCESS; struct rte_cryptodev_asym_capability_idx cap_idx; - const struct rte_cryptodev_asymmetric_xform_capability *capability; + const struct rte_cryptodev_asymmetric_capability *capability; uint8_t input[TEST_DATA_SIZE] = {0}; int ret = 0; uint8_t result[sizeof(mod_p)] = { 0 }; + struct rte_crypto_mod_capability mod_capa = {0}; if (rte_cryptodev_asym_get_xform_enum( &modinv_xform.xform_type, "modinv") < 0) { @@ -1408,13 +1476,11 @@ test_mod_inv(void) return TEST_SKIPPED; } - if (rte_cryptodev_asym_xform_capability_check_modlen( - capability, - modinv_xform.modinv.modulus.length)) { - RTE_LOG(ERR, USER1, - "Invalid MODULUS length specified\n"); - return TEST_SKIPPED; - } + mod_capa.max_mod_size = modinv_xform.modinv.modulus.length; + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) { + RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n"); + return TEST_SKIPPED; + } ret = rte_cryptodev_asym_session_create(dev_id, &modinv_xform, sess_mpool, &sess); if (ret < 0) { @@ -1499,7 +1565,8 @@ test_mod_exp(void) void *sess = NULL; int status = TEST_SUCCESS; struct rte_cryptodev_asym_capability_idx cap_idx; - const struct rte_cryptodev_asymmetric_xform_capability *capability; + const struct rte_cryptodev_asymmetric_capability *capability; + struct rte_crypto_mod_capability mod_capa = {0}; uint8_t input[TEST_DATA_SIZE] = {0}; int ret = 0; uint8_t result[sizeof(mod_p)] = { 0 }; @@ -1522,12 +1589,11 @@ test_mod_exp(void) return TEST_SKIPPED; } - if (rte_cryptodev_asym_xform_capability_check_modlen( - capability, modex_xform.modex.modulus.length)) { - RTE_LOG(ERR, USER1, - "Invalid MODULUS length specified\n"); - return TEST_SKIPPED; - } + mod_capa.max_mod_size = modex_xform.modex.modulus.length; + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) { + RTE_LOG(ERR, USER1, "Invalid MODULUS length specified\n"); + return TEST_SKIPPED; + } /* Create op, create session, and process packets. 8< */ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC); @@ -1785,6 +1851,8 @@ test_ecdsa_sign_verify(enum curve curve_id) struct rte_crypto_asym_xform xform; struct rte_crypto_asym_op *asym_op; struct rte_cryptodev_info dev_info; + struct rte_cryptodev_asym_capability_idx idx; + const struct rte_cryptodev_asymmetric_capability *capabilities; struct rte_crypto_op *op = NULL; int ret, status = TEST_SUCCESS; @@ -1814,6 +1882,25 @@ test_ecdsa_sign_verify(enum curve curve_id) rte_cryptodev_info_get(dev_id, &dev_info); + struct rte_crypto_ecdsa_capability capa = { + .curves = RTE_BIT32(input_params.curve), + .random_k = 0 + }; + + idx.type = RTE_CRYPTO_ASYM_XFORM_ECDSA; + capabilities = rte_cryptodev_asym_capability_get(dev_id, + (const struct + rte_cryptodev_asym_capability_idx *) &idx); + + if (capabilities == NULL) { + status = TEST_SKIPPED; + goto exit; + } + if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) { + status = TEST_SKIPPED; + goto exit; + } + /* Setup crypto op data structure */ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC); if (op == NULL) { @@ -1962,6 +2049,8 @@ test_ecdsa_sign_verify_all_curve(void) status = test_ecdsa_sign_verify(curve_id); if (status == TEST_SUCCESS) { msg = "succeeded"; + } else if (status == TEST_SKIPPED) { + continue; } else { msg = "failed"; overall_status = status; @@ -1987,6 +2076,8 @@ test_ecpm(enum curve curve_id) struct rte_crypto_asym_xform xform; struct rte_crypto_asym_op *asym_op; struct rte_cryptodev_info dev_info; + struct rte_cryptodev_asym_capability_idx idx; + const struct rte_cryptodev_asymmetric_capability *capabilities; struct rte_crypto_op *op = NULL; int ret, status = TEST_SUCCESS; @@ -2016,6 +2107,24 @@ test_ecpm(enum curve curve_id) rte_cryptodev_info_get(dev_id, &dev_info); + struct rte_crypto_ecdsa_capability capa = { + .curves = RTE_BIT32(input_params.curve) + }; + + idx.type = RTE_CRYPTO_ASYM_XFORM_ECPM; + capabilities = rte_cryptodev_asym_capability_get(dev_id, + (const struct + rte_cryptodev_asym_capability_idx *) &idx); + + if (capabilities == NULL) { + status = TEST_SKIPPED; + goto exit; + } + if (!rte_cryptodev_capa_check_ecdsa(capabilities, capa)) { + status = TEST_SKIPPED; + goto exit; + } + /* Setup crypto op data structure */ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC); if (op == NULL) { @@ -2124,6 +2233,8 @@ test_ecpm_all_curve(void) status = test_ecpm(curve_id); if (status == TEST_SUCCESS) { msg = "succeeded"; + } else if (status == TEST_SKIPPED) { + continue; } else { msg = "failed"; overall_status = status; @@ -2162,7 +2273,12 @@ static struct unit_test_suite cryptodev_qat_asym_testsuite = { .setup = testsuite_setup, .teardown = testsuite_teardown, .unit_test_cases = { + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_capability), TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, test_one_by_one), + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, + test_ecdsa_sign_verify_all_curve), + TEST_CASE_ST(ut_setup_asym, ut_teardown_asym, + test_ecpm_all_curve), TEST_CASES_END() /**< NULL terminate unit test array */ } }; diff --git a/app/test/test_event_crypto_adapter.c b/app/test/test_event_crypto_adapter.c index 2ecc7e2cea..9a62241371 100644 --- a/app/test/test_event_crypto_adapter.c +++ b/app/test/test_event_crypto_adapter.c @@ -450,7 +450,7 @@ test_session_with_op_forward_mode(void) static int test_asym_op_forward_mode(uint8_t session_less) { - const struct rte_cryptodev_asymmetric_xform_capability *capability; + const struct rte_cryptodev_asymmetric_capability *capability; struct rte_cryptodev_asym_capability_idx cap_idx; struct rte_crypto_asym_xform xform_tc; union rte_event_crypto_metadata m_data; @@ -458,6 +458,7 @@ test_asym_op_forward_mode(uint8_t session_less) struct rte_crypto_asym_op *asym_op; struct rte_crypto_op *op; uint8_t input[4096] = {0}; + struct rte_crypto_mod_capability mod_capa = {0}; uint8_t *result = NULL; struct rte_event ev; void *sess = NULL; @@ -503,8 +504,9 @@ test_asym_op_forward_mode(uint8_t session_less) asym_op->modex.base.length = modex_test_case.base.len; asym_op->modex.result.data = result; asym_op->modex.result.length = modex_test_case.result_len; - if (rte_cryptodev_asym_xform_capability_check_modlen(capability, - xform_tc.modex.modulus.length)) { + + mod_capa.max_mod_size = xform_tc.modex.modulus.length; + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) { RTE_LOG(INFO, USER1, "line %u FAILED: %s", __LINE__, "Invalid MODULUS length specified"); @@ -784,7 +786,7 @@ test_session_with_op_new_mode(void) static int test_asym_op_new_mode(uint8_t session_less) { - const struct rte_cryptodev_asymmetric_xform_capability *capability; + const struct rte_cryptodev_asymmetric_capability *capability; struct rte_cryptodev_asym_capability_idx cap_idx; struct rte_crypto_asym_xform xform_tc; union rte_event_crypto_metadata m_data; @@ -792,6 +794,7 @@ test_asym_op_new_mode(uint8_t session_less) struct rte_crypto_asym_op *asym_op; struct rte_crypto_op *op; uint8_t input[4096] = {0}; + struct rte_crypto_mod_capability mod_capa = {0}; uint8_t *result = NULL; void *sess = NULL; uint32_t cap; @@ -835,8 +838,9 @@ test_asym_op_new_mode(uint8_t session_less) asym_op->modex.base.length = modex_test_case.base.len; asym_op->modex.result.data = result; asym_op->modex.result.length = modex_test_case.result_len; - if (rte_cryptodev_asym_xform_capability_check_modlen(capability, - xform_tc.modex.modulus.length)) { + + mod_capa.max_mod_size = xform_tc.modex.modulus.length; + if (!rte_cryptodev_capa_check_mod(capability, mod_capa)) { RTE_LOG(INFO, USER1, "line %u FAILED: %s", __LINE__, "Invalid MODULUS length specified"); diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 16ec5e15eb..e734fc2a69 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -7,6 +7,7 @@ #include #include #include +#include #include "openssl_pmd_private.h" #include "compat.h" @@ -470,103 +471,82 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, - { /* RSA */ + { /* Modular exponentiation */ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, {.asym = { - .xform_capa = { - .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, - .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | - (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | - (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | - (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), - { - .modlen = { - /* min length is based on openssl rsa keygen */ - .min = 30, - /* value 0 symbolizes no limit on max length */ - .max = 0, - .increment = 1 - }, } + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, + .mod = { + .max_mod_size = 0 + } } - }, } }, - { /* modexp */ + { /* Modular multiplicative inverse */ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, {.asym = { - .xform_capa = { - .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, - .op_types = 0, - { - .modlen = { - /* value 0 symbolizes no limit on min length */ - .min = 0, - /* value 0 symbolizes no limit on max length */ - .max = 0, - .increment = 1 - }, } + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, + .mod = { + .max_mod_size = 0 + } } - }, } }, - { /* modinv */ + { /* RSA */ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, {.asym = { - .xform_capa = { - .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, - .op_types = 0, - { - .modlen = { - /* value 0 symbolizes no limit on min length */ - .min = 0, - /* value 0 symbolizes no limit on max length */ - .max = 0, - .increment = 1 - }, } + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, + .rsa = { + .padding = + RTE_BIT32(RTE_CRYPTO_RSA_PADDING_NONE) | + RTE_BIT32(RTE_CRYPTO_RSA_PADDING_PKCS1_5), + .hash = + RTE_BIT32(RTE_CRYPTO_AUTH_MD5) | + RTE_BIT32(RTE_CRYPTO_AUTH_SHA1) | + RTE_BIT32(RTE_CRYPTO_AUTH_SHA224) | + RTE_BIT32(RTE_CRYPTO_AUTH_SHA256) | + RTE_BIT32(RTE_CRYPTO_AUTH_SHA384) | + RTE_BIT32(RTE_CRYPTO_AUTH_SHA512), + .max_key_size = 0 + } } - }, } }, - { /* dh */ + { /* Diffie-Hellman */ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, {.asym = { - .xform_capa = { - .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, - .op_types = - ((1<op != RTE_CRYPTO_OP_TYPE_ASYMMETRIC) continue; - if (capability->asym.xform_capa.xform_type == idx->type) - return &capability->asym.xform_capa; + if (capability->asym.xform_type == idx->type) + return &capability->asym; } return NULL; }; @@ -456,6 +477,59 @@ rte_cryptodev_asym_xform_capability_check_modlen( return 0; } +int +rte_cryptodev_capa_check_mod( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_mod_capability mod) +{ + if (capa->mod.max_mod_size == 0) + return 1; + + if (mod.max_mod_size <= capa->mod.max_mod_size) + return 1; + else + return 0; +} + +int +rte_cryptodev_capa_check_rsa( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_rsa_capability rsa) +{ + if (rsa.padding != (capa->rsa.padding & rsa.padding)) + return 0; + if (rsa.hash != (capa->rsa.hash & rsa.hash)) + return 0; + if (capa->rsa.max_key_size == 0) + return 1; + if (rsa.max_key_size <= capa->rsa.max_key_size) + return 1; + else + return 0; +} + +int +rte_cryptodev_capa_check_ecdsa( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_ecdsa_capability ecdsa) +{ + if (ecdsa.curves != (capa->ecdsa.curves & ecdsa.curves)) + return 0; + if (ecdsa.random_k == 1 && capa->ecdsa.random_k == 0) + return 0; + return 1; +} + +int +rte_cryptodev_capa_check_ecpm( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_ecpm_capability ecpm) +{ + if (ecpm.curves != (capa->ecpm.curves & ecpm.curves)) + return 0; + return 1; +} + /* spinlock for crypto device enq callbacks */ static rte_spinlock_t rte_cryptodev_callback_lock = RTE_SPINLOCK_INITIALIZER; diff --git a/lib/cryptodev/rte_cryptodev.h b/lib/cryptodev/rte_cryptodev.h index 2c2c2edeb7..6c5bd819b2 100644 --- a/lib/cryptodev/rte_cryptodev.h +++ b/lib/cryptodev/rte_cryptodev.h @@ -184,6 +184,19 @@ struct rte_cryptodev_asymmetric_xform_capability { * */ struct rte_cryptodev_asymmetric_capability { + enum rte_crypto_asym_xform_type xform_type; + /**< Asymmetric transform type */ + uint32_t op_types; + /**< bitmask for supported rte_crypto_asym_op_type */ + union { + struct rte_crypto_mod_capability mod; + struct rte_crypto_rsa_capability rsa; + struct rte_crypto_dh_capability dh; + struct rte_crypto_dsa_capability dsa; + struct rte_crypto_ecdsa_capability ecdsa; + struct rte_crypto_ecpm_capability ecpm; + }; + struct rte_cryptodev_asymmetric_xform_capability xform_capa; }; @@ -247,7 +260,7 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id, * - Return NULL if the capability not exist. */ __rte_experimental -const struct rte_cryptodev_asymmetric_xform_capability * +const struct rte_cryptodev_asymmetric_capability * rte_cryptodev_asym_capability_get(uint8_t dev_id, const struct rte_cryptodev_asym_capability_idx *idx); @@ -339,6 +352,66 @@ rte_cryptodev_asym_xform_capability_check_modlen( uint16_t modlen); /** + * Check if requested Modexp features are supported + * + * @param capability Description of the asymmetric crypto capability. + * @param mod Modexp requested capability. + * + * @return + * - Return 1 if the parameters are in range of the capability. + * - Return 0 if the parameters are out of range of the capability. + */ +__rte_experimental +int +rte_cryptodev_capa_check_mod( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_mod_capability mod); +/** + * Check if requested RSA features are supported + * + * @param capability Description of the asymmetric crypto capability. + * @param rsa RSA requested capability. + * + * @return + * - Return 1 if the parameters are in range of the capability. + * - Return 0 if the parameters are out of range of the capability. + */ +__rte_experimental +int +rte_cryptodev_capa_check_rsa( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_rsa_capability rsa); +/** + * Check if requested ECDSA features are supported + * + * @param capability Description of the asymmetric crypto capability. + * @param ecdsa ECDSA requested capability. + * + * @return + * - Return 1 if the parameters are in range of the capability. + * - Return 0 if the parameters are out of range of the capability. + */ +__rte_experimental +int +rte_cryptodev_capa_check_ecdsa( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_ecdsa_capability ecdsa); +/** + * Check if requested ECPM features are supported + * + * @param capability Description of the asymmetric crypto capability. + * @param ecpm ECPM requested capability. + * + * @return + * - Return 1 if the parameters are in range of the capability. + * - Return 0 if the parameters are out of range of the capability. + */ +__rte_experimental +int +rte_cryptodev_capa_check_ecpm( + const struct rte_cryptodev_asymmetric_capability *capa, + struct rte_crypto_ecpm_capability ecpm); +/** * Provide the cipher algorithm enum, given an algorithm string * * @param algo_enum A pointer to the cipher algorithm diff --git a/lib/cryptodev/version.map b/lib/cryptodev/version.map index f0abfaa47d..4d93b9a947 100644 --- a/lib/cryptodev/version.map +++ b/lib/cryptodev/version.map @@ -108,6 +108,10 @@ EXPERIMENTAL { #added in 22.07 rte_cryptodev_session_event_mdata_set; + rte_cryptodev_capa_check_mod; + rte_cryptodev_capa_check_rsa; + rte_cryptodev_capa_check_ecdsa; + rte_cryptodev_capa_check_ecpm; }; INTERNAL {