[PATCH 0/2] app/test-crypto-perf: RSA modlen validation and asym ops fix

[PATCH 0/2] app/test-crypto-perf: RSA modlen validation and asym ops fix

[Sucharitha Sarananaga]

This patch series improves the robustness of the RSA performance tests in the crypto-perf application.

Patch 1 introduces validation for RSA modulus length to ensure only supported sizes are used during testing. This helps prevent invalid test cases and improves test reliability.

Patch 2 builds on the validation logic and fixes the execution flow for other asymmetric operations, ensuring they are correctly handled when RSA modlen validation fails.

Note: Patch 1 has been submitted upstream but is not yet merged. It is included here again to provide full context and allow reviewers to test both patches together.

Please review and provide feedback.

Thanks,  
Sucharitha Sarananaga

-- 
2.49.0

[PATCH 1/2] app/test-crypto-perf: validate rsa modlen

[Sucharitha Sarananaga]

Added a check to verify that user configured modlen supported
or not.

Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
---
 app/test-crypto-perf/cperf_options_parsing.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 0e0dc4fd06..0c7c57ce42 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -1361,6 +1361,7 @@ is_valid_chained_op(struct cperf_options *options)
 int
 cperf_options_check(struct cperf_options *options)
 {
+	uint16_t modlen;
 	int i;
 
 	if (options->op_type == CPERF_CIPHER_ONLY ||
@@ -1557,8 +1558,6 @@ cperf_options_check(struct cperf_options *options)
 	}
 
 	if (options->rsa_modlen) {
-		uint16_t modlen = options->rsa_modlen / 8;
-
 		if (options->op_type != CPERF_ASYM_RSA) {
 			RTE_LOG(ERR, USER1, "Option rsa-modlen should be used only with "
 					" optype: rsa.\n");
@@ -1567,7 +1566,8 @@ cperf_options_check(struct cperf_options *options)
 
 		if (options->rsa_keytype == RTE_RSA_KEY_TYPE_QT) {
 			for (i = 0; i < (int)RTE_DIM(rsa_qt_perf_data); i++) {
-				if (rsa_qt_perf_data[i].n.length == modlen) {
+				modlen = rsa_qt_perf_data[i].n.length * 8;
+				if (options->rsa_modlen == modlen) {
 					options->rsa_data =
 						(struct cperf_rsa_test_data *)&rsa_qt_perf_data[i];
 					break;
@@ -1582,7 +1582,8 @@ cperf_options_check(struct cperf_options *options)
 			}
 		} else if (options->rsa_keytype == RTE_RSA_KEY_TYPE_EXP) {
 			for (i = 0; i < (int)RTE_DIM(rsa_exp_perf_data); i++) {
-				if (rsa_exp_perf_data[i].n.length == modlen) {
+				modlen = rsa_exp_perf_data[i].n.length * 8;
+				if (options->rsa_modlen == modlen) {
 					options->rsa_data =
 						(struct cperf_rsa_test_data *)&rsa_exp_perf_data[i];
 					break;
@@ -1597,7 +1598,8 @@ cperf_options_check(struct cperf_options *options)
 			}
 		} else {
 			for (i = 0; i < (int)RTE_DIM(rsa_pub_perf_data); i++) {
-				if (rsa_pub_perf_data[i].n.length == modlen) {
+				modlen = rsa_pub_perf_data[i].n.length * 8;
+				if (options->rsa_modlen == modlen) {
 					options->rsa_data =
 						(struct cperf_rsa_test_data *)&rsa_pub_perf_data[i];
 					break;
-- 
2.49.0

[PATCH 2/2] app/test-crypto-perf: fix other asym ops execution failure

[Sucharitha Sarananaga]

This patch addresses an issue where execution operations were failing
despite the optype parameter being correctly configured. The failure
occurring because it is executing rsa optype params check instead of
configured optype and removed copying of sign data into temporary buffer.

Fixes: e131b8e643fd ("app/crypto-perf: add RSA test vectors")

Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
---
 app/test-crypto-perf/cperf_ops.c             |   4 +-
 app/test-crypto-perf/cperf_options_parsing.c | 156 ++++++++++---------
 2 files changed, 81 insertions(+), 79 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index 20fba60426..49ee1ae49c 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -69,9 +69,7 @@ cperf_set_ops_asym_rsa(struct rte_crypto_op **ops,
 			asym_op->rsa.message.data = crypto_buf;
 			asym_op->rsa.message.length = options->rsa_data->n.length;
 		} else if (options->asym_op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
-			memcpy(crypto_buf, options->rsa_data->sign.data,
-				options->rsa_data->sign.length);
-			asym_op->rsa.sign.data = crypto_buf;
+			asym_op->rsa.sign.data = options->rsa_data->sign.data;
 			asym_op->rsa.sign.length = options->rsa_data->sign.length;
 			asym_op->rsa.message.data = rsa_plaintext.data;
 			asym_op->rsa.message.length = rsa_plaintext.len;
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index 0c7c57ce42..dc36dc0f2d 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -1358,6 +1358,40 @@ is_valid_chained_op(struct cperf_options *options)
 	return false;
 }
 
+static int
+cperf_rsa_options_check(struct cperf_options *options)
+{
+	if (options->rsa_keytype != UINT8_MAX) {
+		switch (options->rsa_keytype) {
+		case RTE_RSA_KEY_TYPE_QT:
+			if (options->asym_op_type != RTE_CRYPTO_ASYM_OP_SIGN &&
+				options->asym_op_type != RTE_CRYPTO_ASYM_OP_DECRYPT) {
+				RTE_LOG(ERR, USER1, "QT private key to be used in sign and decrypt op\n");
+				return -EINVAL;
+			}
+			options->rsa_data = &rsa_qt_perf_data[0];
+			break;
+		case RTE_RSA_KEY_TYPE_EXP:
+			if (options->asym_op_type != RTE_CRYPTO_ASYM_OP_ENCRYPT &&
+				options->asym_op_type != RTE_CRYPTO_ASYM_OP_VERIFY) {
+				RTE_LOG(ERR, USER1, "Exponent private key to be used in encrypt and verify op\n");
+				return -EINVAL;
+			}
+			options->rsa_data = &rsa_exp_perf_data[0];
+			break;
+		default:
+			RTE_LOG(ERR, USER1, "Invalid RSA key type specified\n");
+			return -EINVAL;
+		}
+	} else {
+		if (options->asym_op_type != RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+			RTE_LOG(ERR, USER1, "Public key to be used in encrypt op\n");
+			return -EINVAL;
+		}
+	}
+	return 0;
+}
+
 int
 cperf_options_check(struct cperf_options *options)
 {
@@ -1522,95 +1556,65 @@ cperf_options_check(struct cperf_options *options)
 		}
 	}
 
-	if (options->rsa_keytype != UINT8_MAX) {
-		if (options->op_type != CPERF_ASYM_RSA) {
-			RTE_LOG(ERR, USER1, "Option rsa-priv-keytype should be used only with "
-					" optype: rsa.\n");
-			return -EINVAL;
-		}
-
-		switch (options->rsa_keytype) {
-		case RTE_RSA_KEY_TYPE_QT:
-			if (options->asym_op_type != RTE_CRYPTO_ASYM_OP_SIGN &&
-			    options->asym_op_type != RTE_CRYPTO_ASYM_OP_DECRYPT) {
-				RTE_LOG(ERR, USER1, "QT private key to be used in sign and decrypt op\n");
-				return -EINVAL;
-			}
-			options->rsa_data = &rsa_qt_perf_data[0];
-			break;
-		case RTE_RSA_KEY_TYPE_EXP:
-			if (options->asym_op_type != RTE_CRYPTO_ASYM_OP_ENCRYPT &&
-			    options->asym_op_type != RTE_CRYPTO_ASYM_OP_VERIFY) {
-				RTE_LOG(ERR, USER1, "Exponent private key to be used in encrypt and verify op\n");
-				return -EINVAL;
-			}
-			options->rsa_data = &rsa_exp_perf_data[0];
-			break;
-		default:
-			RTE_LOG(ERR, USER1, "Invalid RSA key type specified\n");
-			return -EINVAL;
-		}
-	} else {
-		if (options->asym_op_type != RTE_CRYPTO_ASYM_OP_ENCRYPT) {
-			RTE_LOG(ERR, USER1, "Public key to be used in encrypt op\n");
-			return -EINVAL;
-		}
-	}
 
-	if (options->rsa_modlen) {
-		if (options->op_type != CPERF_ASYM_RSA) {
-			RTE_LOG(ERR, USER1, "Option rsa-modlen should be used only with "
-					" optype: rsa.\n");
+	if (options->op_type == CPERF_ASYM_RSA) {
+		if (cperf_rsa_options_check(options) < 0) {
+			RTE_LOG(ERR, USER1, "Invalid RSA options\n");
 			return -EINVAL;
 		}
 
-		if (options->rsa_keytype == RTE_RSA_KEY_TYPE_QT) {
-			for (i = 0; i < (int)RTE_DIM(rsa_qt_perf_data); i++) {
-				modlen = rsa_qt_perf_data[i].n.length * 8;
-				if (options->rsa_modlen == modlen) {
-					options->rsa_data =
-						(struct cperf_rsa_test_data *)&rsa_qt_perf_data[i];
-					break;
+		if (options->rsa_modlen) {
+			if (options->rsa_keytype == RTE_RSA_KEY_TYPE_QT) {
+				for (i = 0; i < (int)RTE_DIM(rsa_qt_perf_data); i++) {
+					modlen = rsa_qt_perf_data[i].n.length * 8;
+					if (options->rsa_modlen == modlen) {
+						options->rsa_data =
+							(struct cperf_rsa_test_data *)
+							&rsa_qt_perf_data[i];
+						break;
+					}
 				}
-			}
 
-			if (i == (int)RTE_DIM(rsa_qt_perf_data)) {
-				RTE_LOG(ERR, USER1,
-					"Option rsa_modlen: %d is not supported for QT private key\n",
-					options->rsa_modlen);
+				if (i == (int)RTE_DIM(rsa_qt_perf_data)) {
+					RTE_LOG(ERR, USER1,
+						"Option rsa_modlen: %d is not supported for QT private key\n",
+						options->rsa_modlen);
 					return -EINVAL;
-			}
-		} else if (options->rsa_keytype == RTE_RSA_KEY_TYPE_EXP) {
-			for (i = 0; i < (int)RTE_DIM(rsa_exp_perf_data); i++) {
-				modlen = rsa_exp_perf_data[i].n.length * 8;
-				if (options->rsa_modlen == modlen) {
-					options->rsa_data =
-						(struct cperf_rsa_test_data *)&rsa_exp_perf_data[i];
-					break;
 				}
-			}
+			} else if (options->rsa_keytype == RTE_RSA_KEY_TYPE_EXP) {
+				for (i = 0; i < (int)RTE_DIM(rsa_exp_perf_data); i++) {
+					modlen = rsa_exp_perf_data[i].n.length * 8;
+					if (options->rsa_modlen == modlen) {
+						options->rsa_data =
+							(struct cperf_rsa_test_data *)
+							&rsa_exp_perf_data[i];
+						break;
+					}
+				}
 
-			if (i == (int)RTE_DIM(rsa_exp_perf_data)) {
-				RTE_LOG(ERR, USER1,
-					"Option rsa_modlen: %d is not supported for exponent private key\n",
-					options->rsa_modlen);
+				if (i == (int)RTE_DIM(rsa_exp_perf_data)) {
+					RTE_LOG(ERR, USER1,
+						"Option rsa_modlen: %d is not supported for exponent private key\n",
+						options->rsa_modlen);
 					return -EINVAL;
-			}
-		} else {
-			for (i = 0; i < (int)RTE_DIM(rsa_pub_perf_data); i++) {
-				modlen = rsa_pub_perf_data[i].n.length * 8;
-				if (options->rsa_modlen == modlen) {
-					options->rsa_data =
-						(struct cperf_rsa_test_data *)&rsa_pub_perf_data[i];
-					break;
 				}
-			}
+			} else {
+				for (i = 0; i < (int)RTE_DIM(rsa_pub_perf_data); i++) {
+					modlen = rsa_pub_perf_data[i].n.length * 8;
+					if (options->rsa_modlen == modlen) {
+						options->rsa_data =
+							(struct cperf_rsa_test_data *)
+							&rsa_pub_perf_data[i];
+						break;
+					}
+				}
 
-			if (i == (int)RTE_DIM(rsa_pub_perf_data)) {
-				RTE_LOG(ERR, USER1,
-					"Option rsa_modlen: %d is not supported for public key\n",
-					options->rsa_modlen);
+				if (i == (int)RTE_DIM(rsa_pub_perf_data)) {
+					RTE_LOG(ERR, USER1,
+						"Option rsa_modlen: %d is not supported for public key\n",
+						options->rsa_modlen);
 					return -EINVAL;
+				}
 			}
 		}
 	}
-- 
2.49.0