From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9A1A0A04FF; Tue, 22 Mar 2022 09:53:27 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6FC09427ED; Tue, 22 Mar 2022 09:53:27 +0100 (CET) Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by mails.dpdk.org (Postfix) with ESMTP id E8FEE410E5 for ; Tue, 22 Mar 2022 09:53:25 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647939206; x=1679475206; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=iIVYXxRkR5K+fsBnETDu8r1lrZOt1dP/H7KZwEHgusU=; b=G0nWEfnE+UaxTdiipnOXb8JR1brMEiuSTmptL6TMtU4RBxpR7rV888xM x9FeUHG32itTtlJxUVvSMbIJ8XnSw4tmV2ERW3bMcn+WGTyhLmS7RXIZF umQJvtWH4YM05tc4cInKWnrwUFzGgiL2kmwzAbwG7nr84tJ47K0vJBcrY Twhiv8Muge5Ed6wXiFZ/wrsyoPpIg/IuasKjjRMCB+P0orsuOEoJrZu9D mH5cOhCKJlRXvwwvmqfuYRuuXkKFdgMdbxkatmuLjNDHyFiAUrTW9Tyt0 vId6WXx7NzcRf5Ho7+NqMJ8SxHqVDyLOetqL5l85RqgxMZGzoTk3+RjaT w==; X-IronPort-AV: E=McAfee;i="6200,9189,10293"; a="256585541" X-IronPort-AV: E=Sophos;i="5.90,201,1643702400"; d="scan'208";a="256585541" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Mar 2022 01:53:25 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,201,1643702400"; d="scan'208";a="583184256" Received: from fmsmsx606.amr.corp.intel.com ([10.18.126.86]) by orsmga001.jf.intel.com with ESMTP; 22 Mar 2022 01:53:24 -0700 Received: from fmsmsx609.amr.corp.intel.com (10.18.126.89) by fmsmsx606.amr.corp.intel.com (10.18.126.86) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.27; Tue, 22 Mar 2022 01:53:24 -0700 Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by fmsmsx609.amr.corp.intel.com (10.18.126.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Tue, 22 Mar 2022 01:53:23 -0700 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21 via Frontend Transport; Tue, 22 Mar 2022 01:53:23 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.176) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.21; Tue, 22 Mar 2022 01:53:23 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SUQ/RSMXdLL5VSRK9yuaojLyfyrLttTHg/RkbQDN/pcZa+HPW3y5H/BI0hnILIvJ+/d4Q8A+PCA8vsAiAzpdAAk0raxAvio+UP7r/leTOL6vtvwUWAInKHEquxWjZwP0ACfzU2s6RpE4gKlMtRwaxFhbC1RBPtsyWbhKfCIoUe+9AbPF5+UYyaD1q2uf9hFd72misFr6K7734NE4ztYcsixatdBCJtB7UIa0BXvMhK1a+YZrvJWQynbv0Fxf922/3FWuyqSKqe5JTj1dLi0fIh0Zq/Hkmn71DedwfQcoz5at9LgXe0kmR2FWAEnXZy7w7j9YUubTVQRhM8mftuGOVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NqytmviaMf9c7GO2hgn/32rGkHDcanRqoaFvll0dIdI=; b=gdKPqojpt+K/3BvZf5bibHOflkl6o2jRv18VcHhjhNCbKTB76mAr/HnQLxC/QBzB1NI0JgfiAbDeSrPd61DLNPLcRVoNmbWT7GhflDF9J5eMlGZ24m6W3SlrDLf78ueAnpkP65XHpfpyKmhFB+bEOwLHWxr8Iego9paTmaX5rV6hSXg2nEpI0OwrEqvzqhdsQRpQIGK2Zuvaqi4z8nHYP7iNbrPHj83rX/EAPFOacmm6uu9AYLSTatTGWY0MaAHlxtsr4UeRGk5Co/ZbxPBtFnOT1Vg5P1IJINBVbG78h1TFhI0d4+Htj6bkj+0eQP1oeYklia07VH7ZrERFo5J02w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from PH0PR11MB5013.namprd11.prod.outlook.com (2603:10b6:510:30::21) by CY4PR1101MB2069.namprd11.prod.outlook.com (2603:10b6:910:17::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.18; Tue, 22 Mar 2022 08:53:20 +0000 Received: from PH0PR11MB5013.namprd11.prod.outlook.com ([fe80::8189:36b8:ed0e:2501]) by PH0PR11MB5013.namprd11.prod.outlook.com ([fe80::8189:36b8:ed0e:2501%7]) with mapi id 15.20.5081.022; Tue, 22 Mar 2022 08:53:20 +0000 From: "Kusztal, ArkadiuszX" To: "dev@dpdk.org" CC: "gakhil@marvell.com" , "Zhang, Roy Fan" , "anoobj@marvell.com" Subject: RE: [RFC PATCH 1/2] cryptodev: rsa improvements Thread-Topic: [RFC PATCH 1/2] cryptodev: rsa improvements Thread-Index: AQHYPcR4w2y+hvHP2Uyay7ekHwfROazLDZKQ Date: Tue, 22 Mar 2022 08:53:20 +0000 Message-ID: References: <20220322081128.23733-1-arkadiuszx.kusztal@intel.com> In-Reply-To: <20220322081128.23733-1-arkadiuszx.kusztal@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.6.401.20 dlp-product: dlpe-windows authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 2473985f-4735-424f-9937-08da0be16a56 x-ms-traffictypediagnostic: CY4PR1101MB2069:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: mC0/QBb1PHTJqHMZiafURgvFHXGH7obF2kSq2WffXyfhfE1vad7XpgUuGIdMP9x5JqPQ5LXYlOUZcO4hT2dChxifl8CVF4t49RhxsQnhoL8IH2U0mfGTb65Zy/y1rCAHFSc8/aMdDRYRLT2wfmxYCqSa8KJyt894fUlA3ozoTX8LzzWYiSuW3y5b8wW8Kc5jQlH4MHtEFm+RfFmubU4hR+KVL284IdZcL4nqKze5qtVaQhtCfUvZRapNlQs+OZ2mXirG6amaZ9U6Nxe0R/MHcrKdFosT7kHEBdTo7RFjQuchqHLAO0+9um54DLrxfBtuPk9vMWfhgyFxGP6q8EW+EIaAKiGso6Zh1lSWJQHeHeRkGzMOwJ64vaJVhrrcFDqKtRIisIaLsGFOAJL57xClY6OSupZiP1e7qgKJ3D02i7XImApkTgFIXPpTUAz6t8AWcWyHYPihtUpFYDgH3KXJHscg6xTWJoaBfmu8cMyeAYmSNjnDajliMJqFQYcOhZ/I/HQMMGMAVSqJEW3IeWriQlMCO9AuqR+zbJzmjP2Yc2jV7G05dOwOMpjXQNS8LKE66gZ0Sg4zljTRvIkxyYKlpKtWz43y54w1xYftCsgwo1kbL+3EABq8F+VVqIkbJx2URuuFbAwT86amcZ6XqlnmAGXevzXabfZLqu+a0RTIFUV08Qrwxt19rwLuotwJc4MzE1wJPlJjlGLq1d/WuhxDJ0JOMbhwLOkOcUtL1iw3UIU= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB5013.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(8676002)(52536014)(54906003)(30864003)(71200400001)(5660300002)(83380400001)(66946007)(53546011)(6506007)(316002)(7696005)(86362001)(4326008)(508600001)(76116006)(6916009)(8936002)(66446008)(66476007)(66556008)(64756008)(38070700005)(82960400001)(55016003)(9686003)(2906002)(38100700002)(33656002)(26005)(186003)(122000001)(559001)(579004)(473944003); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?HdkPjB/RligWCEMlvA4zVD8Rm3ZIfTZDsUTQBk5t6ozpe+QvkORCsVvlQ2ed?= =?us-ascii?Q?Fmd9un/z8tIUFMcia+/doAg6hgcDsHFsQxz7lydMqwuRjHRusqetPXuxmSBZ?= =?us-ascii?Q?YL4ckP4abvsoT+hI509RbIqqlfKXvv9JdEg6kfL0QQv8gCJhF7C+G3jG+Zqn?= =?us-ascii?Q?6Dqe5ydyH9JiqnBsjLDr6ehCwHaTg8IPa2rR7aIg11zHmH/XTN2ZT9BK5Aam?= =?us-ascii?Q?0Gt50BnAt6E5m6GwayR4ItrH6zJzlPisJTyp9W1FL3LZB2/EtoWYRN1FMxuI?= =?us-ascii?Q?xHdyzDV5DVBUiM61UrY1dXTJ9rz95eo4qkWa949pC+HObXgNCsnUPG2tDRsV?= =?us-ascii?Q?KHn2KTzP6m+1ey53dlDSPup8Od0MM/wZ+s6kBS1MhLi+rfodqUWW9Z1f6hto?= =?us-ascii?Q?xQ7/EmC04VLW5Ozdv0hVSVaJpwiiWekNSU95Ig4BiKe86lmnPG7ogWyvyqsg?= =?us-ascii?Q?Pnlfns9GQ1o4gk1KKVKkEqE77AVq/hY+e7z9nxIJlg5K90QmudOLBjskopeV?= =?us-ascii?Q?2Vac5pp6WZZG6+qx5XHZOloIz6vbsGxec7i43QKxlrG/2zAQq9o9SXTK5H6R?= =?us-ascii?Q?Dt2hVUuZOBXks00dXp0bXzhhSfc/Hf0L5AYBBwXtQh+iUalIiyjq3DBZnvVg?= =?us-ascii?Q?MzVFAlHvuLGYfonWqNZ5vu1Y0Kv/bRB+fsdVCrwFGOK9bsdpJZuIOMg7C6+Y?= =?us-ascii?Q?aG7PaP2CNIXZGV6D4ZMdsQxcp2P3LjyYUfJC+WW2VCWY8sKLoLPgtLOZCkMd?= =?us-ascii?Q?x+1ff/cmgiImEk9JeOrIGgjZliF/e4RWJyCy7Yu5jjaj+Pxvy5deS678JkjB?= =?us-ascii?Q?WGITvUDQrSrwl/6YRS773h0XAdJF/8V1QbAlltXRPtcpvUhfM6D/CzUxuf3P?= =?us-ascii?Q?V3v9dH3bxAT2tbZOxGJiMpg7emF0J7dLHsW5qsaldufF87Za5rR5j4YFapPJ?= =?us-ascii?Q?7kREWoG20580jPsZEY1xDmCs9hrOwPh791c0Tte4qskQBU9QH2+wGBUrQnve?= =?us-ascii?Q?dD0K/l32EL7MFF4QpLjKnps+YKlvkjqA0MpUB0dZWRR2gHnBw7G9y+x/sDfM?= =?us-ascii?Q?x5w7JDSoCk9/AMg7++zMZBuGOqhQP0Pw9RNsMx620IG77FtB5sV5OoY94siZ?= =?us-ascii?Q?NI9413HqzK1bCHWP2y0jvwCtJB+k2PgEUnWq2EgsLZPyPsYGXu7Z6VvFG+1G?= =?us-ascii?Q?5luz/49cTzPN9/4RizuhoFsVejD2mbFHxSNTGy4NCaYMg5u/lbEY/XJ5//zq?= =?us-ascii?Q?u608QsCdA1Wq76qk45pQ7Cp08VDC77C9oJXNUJ8TKMghSXOhRaakRrxuHX4A?= =?us-ascii?Q?4JehV9SJZG7NpfjI/gZIk5pN3wjG7r1GcSN4GkfQia/8uWzk+miyf1N6pglh?= =?us-ascii?Q?dpoIwl6THHlF8Qac3AjnsaVGWvRlQpXA8Tvsw7nPhv+d2jaKOzxoEgyJfu+A?= =?us-ascii?Q?V8Pr3Xr+t9Q3Bpm7dI4NCHET5CK7xTyBfJmnF/Am3Hw9Cmlqb6lysg=3D=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5013.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2473985f-4735-424f-9937-08da0be16a56 X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Mar 2022 08:53:20.4859 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Na1Vr3MsYlYasPQJqQlA1BM183v6kgRg0ESXToRTKoVtfcESkSpjERuoy2UEWi1OP2Aj+5FgSsognZhBdrEFkVam+TQEOuETO1TTry1V+64= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR1101MB2069 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Hi, > -----Original Message----- > From: Kusztal, ArkadiuszX > Sent: Tuesday, March 22, 2022 9:11 AM > To: dev@dpdk.org > Cc: gakhil@marvell.com; Zhang, Roy Fan ; > anoobj@marvell.com; Kusztal, ArkadiuszX > Subject: [RFC PATCH 1/2] cryptodev: rsa improvements >=20 > This commit reworks rsa implementation. >=20 > Signed-off-by: Arek Kusztal > --- > app/test/test_cryptodev_asym.c | 90 +++++++------ > app/test/test_cryptodev_asym_util.h | 4 +- > drivers/crypto/meson.build | 4 +- > drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++--- > drivers/crypto/qat/dev/qat_asym_pmd_gen1.c | 2 + > drivers/crypto/qat/qat_asym.c | 28 ++-- > lib/cryptodev/rte_crypto_asym.h | 202 +++++++++++++++++++++--= ------ > 7 files changed, 235 insertions(+), 131 deletions(-) >=20 > diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asy= m.c > index 573af2a537..71378cbdb2 100644 > --- a/app/test/test_cryptodev_asym.c > +++ b/app/test/test_cryptodev_asym.c > @@ -75,6 +75,7 @@ queue_ops_rsa_sign_verify(void *sess) > struct rte_crypto_op *op, *result_op; > struct rte_crypto_asym_op *asym_op; > uint8_t output_buf[TEST_DATA_SIZE]; > + uint8_t input_sign[TEST_DATA_SIZE]; > int status =3D TEST_SUCCESS; >=20 > /* Set up crypto op data structure */ > @@ -90,14 +91,14 @@ queue_ops_rsa_sign_verify(void *sess) > /* Compute sign on the test vector */ > asym_op->rsa.op_type =3D RTE_CRYPTO_ASYM_OP_SIGN; >=20 > - asym_op->rsa.message.data =3D rsaplaintext.data; > - asym_op->rsa.message.length =3D rsaplaintext.len; > - asym_op->rsa.sign.length =3D 0; > - asym_op->rsa.sign.data =3D output_buf; > - asym_op->rsa.pad =3D RTE_CRYPTO_RSA_PADDING_PKCS1_5; > + asym_op->rsa.input.data =3D rsaplaintext.data; > + asym_op->rsa.input.length =3D rsaplaintext.len; > + asym_op->rsa.output.length =3D 0; > + asym_op->rsa.output.data =3D output_buf; > + asym_op->rsa.padding.type =3D RTE_CRYPTO_RSA_PADDING_PKCS1_5; >=20 > - debug_hexdump(stdout, "message", asym_op->rsa.message.data, > - asym_op->rsa.message.length); > + debug_hexdump(stdout, "message", asym_op->rsa.input.data, > + asym_op->rsa.input.length); >=20 > /* Attach asymmetric crypto session to crypto operations */ > rte_crypto_op_attach_asym_session(op, sess); @@ -120,13 +121,18 > @@ queue_ops_rsa_sign_verify(void *sess) > goto error_exit; > } >=20 > - debug_hexdump(stdout, "signed message", asym_op->rsa.sign.data, > - asym_op->rsa.sign.length); > + debug_hexdump(stdout, "signed message", asym_op->rsa.output.data, > + asym_op->rsa.output.length); > asym_op =3D result_op->asym; >=20 > /* Verify sign */ > + memcpy(input_sign, asym_op->rsa.output.data, asym_op- > >rsa.output.length); > + asym_op->rsa.input.data =3D input_sign; > + asym_op->rsa.input.length =3D asym_op->rsa.output.length; > + asym_op->rsa.message.data =3D rsaplaintext.data; > + asym_op->rsa.message.length =3D rsaplaintext.len; > asym_op->rsa.op_type =3D RTE_CRYPTO_ASYM_OP_VERIFY; > - asym_op->rsa.pad =3D RTE_CRYPTO_RSA_PADDING_PKCS1_5; > + asym_op->rsa.padding.type =3D RTE_CRYPTO_RSA_PADDING_PKCS1_5; >=20 > /* Process crypto operation */ > if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) !=3D 1) { @@ -181,14 > +187,14 @@ queue_ops_rsa_enc_dec(void *sess) > /* Compute encryption on the test vector */ > asym_op->rsa.op_type =3D RTE_CRYPTO_ASYM_OP_ENCRYPT; >=20 > - asym_op->rsa.message.data =3D rsaplaintext.data; > - asym_op->rsa.cipher.data =3D cipher_buf; > - asym_op->rsa.cipher.length =3D 0; > - asym_op->rsa.message.length =3D rsaplaintext.len; > - asym_op->rsa.pad =3D RTE_CRYPTO_RSA_PADDING_PKCS1_5; > + asym_op->rsa.input.data =3D rsaplaintext.data; > + asym_op->rsa.output.data =3D cipher_buf; > + asym_op->rsa.output.length =3D 0; > + asym_op->rsa.input.length =3D rsaplaintext.len; > + asym_op->rsa.padding.type =3D RTE_CRYPTO_RSA_PADDING_PKCS1_5; >=20 > - debug_hexdump(stdout, "message", asym_op->rsa.message.data, > - asym_op->rsa.message.length); > + debug_hexdump(stdout, "message", asym_op->rsa.input.data, > + asym_op->rsa.input.length); >=20 > /* Attach asymmetric crypto session to crypto operations */ > rte_crypto_op_attach_asym_session(op, sess); @@ -210,14 +216,14 > @@ queue_ops_rsa_enc_dec(void *sess) > status =3D TEST_FAILED; > goto error_exit; > } > - debug_hexdump(stdout, "encrypted message", asym_op- > >rsa.message.data, > - asym_op->rsa.message.length); > + debug_hexdump(stdout, "encrypted message", asym_op- > >rsa.input.data, > + asym_op->rsa.input.length); >=20 > /* Use the resulted output as decryption Input vector*/ > asym_op =3D result_op->asym; > - asym_op->rsa.message.length =3D 0; > + asym_op->rsa.input.length =3D 0; > asym_op->rsa.op_type =3D RTE_CRYPTO_ASYM_OP_DECRYPT; > - asym_op->rsa.pad =3D RTE_CRYPTO_RSA_PADDING_PKCS1_5; > + asym_op->rsa.padding.type =3D RTE_CRYPTO_RSA_PADDING_PKCS1_5; >=20 > /* Process crypto operation */ > if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) !=3D 1) { @@ -270,20 > +276,20 @@ test_cryptodev_asym_ver(struct rte_crypto_op *op, > case RTE_CRYPTO_ASYM_XFORM_RSA: > if (op->asym->rsa.op_type =3D=3D > RTE_CRYPTO_ASYM_OP_ENCRYPT) { > data_size =3D xform_tc->rsa.n.length; > - data_received =3D result_op->asym->rsa.cipher.data; > + data_received =3D result_op->asym->rsa.output.data; > data_expected =3D data_tc->rsa_data.ct.data; > } else if (op->asym->rsa.op_type =3D=3D > RTE_CRYPTO_ASYM_OP_DECRYPT) { > data_size =3D xform_tc->rsa.n.length; > data_expected =3D data_tc->rsa_data.pt.data; > - data_received =3D result_op->asym->rsa.message.data; > + data_received =3D result_op->asym->rsa.output.data; > } else if (op->asym->rsa.op_type =3D=3D > RTE_CRYPTO_ASYM_OP_SIGN) { > data_size =3D xform_tc->rsa.n.length; > data_expected =3D data_tc->rsa_data.sign.data; > - data_received =3D result_op->asym->rsa.sign.data; > + data_received =3D result_op->asym->rsa.output.data; > } else if (op->asym->rsa.op_type =3D=3D > RTE_CRYPTO_ASYM_OP_VERIFY) { > data_size =3D xform_tc->rsa.n.length; > data_expected =3D data_tc->rsa_data.pt.data; > - data_received =3D result_op->asym->rsa.cipher.data; > + data_received =3D result_op->asym->rsa.output.data; > } > break; > case RTE_CRYPTO_ASYM_XFORM_DH: > @@ -414,28 +420,28 @@ test_cryptodev_asym_op(struct > crypto_testsuite_params_asym *ts_params, > } >=20 > xform_tc.rsa.key_type =3D key_type; > - op->asym->rsa.pad =3D data_tc->rsa_data.padding; > + op->asym->rsa.padding.type =3D data_tc->rsa_data.padding; >=20 > if (op->asym->rsa.op_type =3D=3D > RTE_CRYPTO_ASYM_OP_ENCRYPT) { > - asym_op->rsa.message.data =3D data_tc- > >rsa_data.pt.data; > - asym_op->rsa.message.length =3D data_tc- > >rsa_data.pt.len; > - asym_op->rsa.cipher.data =3D result; > - asym_op->rsa.cipher.length =3D data_tc->rsa_data.n.len; > + asym_op->rsa.input.data =3D data_tc->rsa_data.pt.data; > + asym_op->rsa.input.length =3D data_tc->rsa_data.pt.len; > + asym_op->rsa.output.data =3D result; > + asym_op->rsa.output.length =3D data_tc->rsa_data.n.len; > } else if (op->asym->rsa.op_type =3D=3D > RTE_CRYPTO_ASYM_OP_DECRYPT) { > - asym_op->rsa.message.data =3D result; > - asym_op->rsa.message.length =3D data_tc- > >rsa_data.n.len; > - asym_op->rsa.cipher.data =3D data_tc->rsa_data.ct.data; > - asym_op->rsa.cipher.length =3D data_tc->rsa_data.ct.len; > + asym_op->rsa.output.data =3D result; > + asym_op->rsa.output.length =3D data_tc->rsa_data.n.len; > + asym_op->rsa.input.data =3D data_tc->rsa_data.ct.data; > + asym_op->rsa.input.length =3D data_tc->rsa_data.ct.len; > } else if (op->asym->rsa.op_type =3D=3D > RTE_CRYPTO_ASYM_OP_SIGN) { > - asym_op->rsa.sign.data =3D result; > - asym_op->rsa.sign.length =3D data_tc->rsa_data.n.len; > - asym_op->rsa.message.data =3D data_tc- > >rsa_data.pt.data; > - asym_op->rsa.message.length =3D data_tc- > >rsa_data.pt.len; > + asym_op->rsa.output.data =3D result; > + asym_op->rsa.output.length =3D data_tc->rsa_data.n.len; > + asym_op->rsa.input.data =3D data_tc->rsa_data.pt.data; > + asym_op->rsa.input.length =3D data_tc->rsa_data.pt.len; > } else if (op->asym->rsa.op_type =3D=3D > RTE_CRYPTO_ASYM_OP_VERIFY) { > - asym_op->rsa.cipher.data =3D result; > - asym_op->rsa.cipher.length =3D data_tc->rsa_data.n.len; > - asym_op->rsa.sign.data =3D data_tc->rsa_data.sign.data; > - asym_op->rsa.sign.length =3D data_tc->rsa_data.sign.len; > + asym_op->rsa.input.data =3D data_tc- > >rsa_data.sign.data; > + asym_op->rsa.input.length =3D data_tc- > >rsa_data.sign.len; > + asym_op->rsa.output.data =3D result; > + asym_op->rsa.output.length =3D data_tc->rsa_data.n.len; > } > break; > case RTE_CRYPTO_ASYM_XFORM_DH: > diff --git a/app/test/test_cryptodev_asym_util.h > b/app/test/test_cryptodev_asym_util.h > index 83dc265dd7..175a6a4307 100644 > --- a/app/test/test_cryptodev_asym_util.h > +++ b/app/test/test_cryptodev_asym_util.h > @@ -11,8 +11,8 @@ static inline int rsa_verify(struct rsa_test_data > *rsa_param, > struct rte_crypto_op *result_op) > { > if (memcmp(rsa_param->data, > - result_op->asym->rsa.message.data, > - result_op->asym->rsa.message.length)) > + result_op->asym->rsa.input.data, > + result_op->asym->rsa.input.length)) > return -1; > return 0; > } > diff --git a/drivers/crypto/meson.build b/drivers/crypto/meson.build inde= x > 147b8cf633..4d83b45ca5 100644 > --- a/drivers/crypto/meson.build > +++ b/drivers/crypto/meson.build > @@ -7,7 +7,7 @@ drivers =3D [ > 'bcmfs', > 'caam_jr', > 'ccp', > - 'cnxk', > +# 'cnxk', > 'dpaa_sec', > 'dpaa2_sec', > 'ipsec_mb', > @@ -15,7 +15,7 @@ drivers =3D [ > 'mvsam', > 'nitrox', > 'null', > - 'octeontx', > +# 'octeontx', > 'openssl', > 'scheduler', > 'virtio', > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c > b/drivers/crypto/openssl/rte_openssl_pmd.c > index d80e1052e2..45cee47c5d 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd.c > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c > @@ -1897,7 +1897,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, > int ret =3D 0; > struct rte_crypto_asym_op *op =3D cop->asym; > RSA *rsa =3D sess->u.r.rsa; > - uint32_t pad =3D (op->rsa.pad); > + uint32_t pad =3D (op->rsa.padding.type); > uint8_t *tmp; >=20 > cop->status =3D RTE_CRYPTO_OP_STATUS_SUCCESS; @@ -1918,47 > +1918,47 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, >=20 > switch (op->rsa.op_type) { > case RTE_CRYPTO_ASYM_OP_ENCRYPT: > - ret =3D RSA_public_encrypt(op->rsa.message.length, > - op->rsa.message.data, > - op->rsa.cipher.data, > + ret =3D RSA_public_encrypt(op->rsa.input.length, > + op->rsa.input.data, > + op->rsa.output.data, > rsa, > pad); >=20 > if (ret > 0) > - op->rsa.cipher.length =3D ret; > + op->rsa.output.length =3D ret; > OPENSSL_LOG(DEBUG, > "length of encrypted text %d\n", ret); > break; >=20 > case RTE_CRYPTO_ASYM_OP_DECRYPT: > - ret =3D RSA_private_decrypt(op->rsa.cipher.length, > - op->rsa.cipher.data, > - op->rsa.message.data, > + ret =3D RSA_private_decrypt(op->rsa.input.length, > + op->rsa.input.data, > + op->rsa.output.data, > rsa, > pad); > if (ret > 0) > - op->rsa.message.length =3D ret; > + op->rsa.output.length =3D ret; > break; >=20 > case RTE_CRYPTO_ASYM_OP_SIGN: > - ret =3D RSA_private_encrypt(op->rsa.message.length, > - op->rsa.message.data, > - op->rsa.sign.data, > + ret =3D RSA_private_encrypt(op->rsa.input.length, > + op->rsa.input.data, > + op->rsa.output.data, > rsa, > pad); > if (ret > 0) > - op->rsa.sign.length =3D ret; > + op->rsa.output.length =3D ret; > break; >=20 > case RTE_CRYPTO_ASYM_OP_VERIFY: > - tmp =3D rte_malloc(NULL, op->rsa.sign.length, 0); > + tmp =3D rte_malloc(NULL, op->rsa.input.length, 0); > if (tmp =3D=3D NULL) { > OPENSSL_LOG(ERR, "Memory allocation failed"); > cop->status =3D RTE_CRYPTO_OP_STATUS_ERROR; > break; > } > - ret =3D RSA_public_decrypt(op->rsa.sign.length, > - op->rsa.sign.data, > + ret =3D RSA_public_decrypt(op->rsa.input.length, > + op->rsa.input.data, > tmp, > rsa, > pad); > @@ -1966,9 +1966,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, > OPENSSL_LOG(DEBUG, > "Length of public_decrypt %d " > "length of message %zd\n", > - ret, op->rsa.message.length); > + ret, op->rsa.input.length); > if ((ret <=3D 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data, > - op->rsa.message.length))) { > + op->rsa.input.length))) { > OPENSSL_LOG(ERR, "RSA sign Verification failed"); > cop->status =3D RTE_CRYPTO_OP_STATUS_ERROR; > } > diff --git a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c > b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c > index 4499fdaf2d..b84e2963b0 100644 > --- a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c > +++ b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c > @@ -4,10 +4,12 @@ >=20 > #include > #include > +#include > #include "qat_asym.h" > #include "qat_crypto.h" > #include "qat_crypto_pmd_gens.h" >=20 > + > struct rte_cryptodev_ops qat_asym_crypto_ops_gen1 =3D { > /* Device related operations */ > .dev_configure =3D qat_cryptodev_config, > diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.= c > index 479d5308cf..cb2b47acbb 100644 > --- a/drivers/crypto/qat/qat_asym.c > +++ b/drivers/crypto/qat/qat_asym.c > @@ -345,9 +345,9 @@ rsa_set_pub_input(struct rte_crypto_asym_op > *asym_op, > alg_bytesize =3D qat_function.bytesize; >=20 > if (asym_op->rsa.op_type =3D=3D RTE_CRYPTO_ASYM_OP_ENCRYPT) { > - switch (asym_op->rsa.pad) { > + switch (asym_op->rsa.padding.type) { > case RTE_CRYPTO_RSA_PADDING_NONE: > - SET_PKE_LN(cookie->input_array, asym_op- > >rsa.message, > + SET_PKE_LN(cookie->input_array, asym_op->rsa.input, > alg_bytesize, 0); > break; > default: > @@ -358,9 +358,9 @@ rsa_set_pub_input(struct rte_crypto_asym_op > *asym_op, > } > HEXDUMP("RSA Message", cookie->input_array[0], > alg_bytesize); > } else { > - switch (asym_op->rsa.pad) { > + switch (asym_op->rsa.padding.type) { > case RTE_CRYPTO_RSA_PADDING_NONE: > - SET_PKE_LN(cookie->input_array, asym_op->rsa.sign, > + SET_PKE_LN(cookie->input_array, asym_op->rsa.input, > alg_bytesize, 0); > break; > default: > @@ -454,9 +454,9 @@ rsa_set_priv_input(struct rte_crypto_asym_op > *asym_op, >=20 > if (asym_op->rsa.op_type =3D=3D > RTE_CRYPTO_ASYM_OP_DECRYPT) { > - switch (asym_op->rsa.pad) { > + switch (asym_op->rsa.padding.type) { > case RTE_CRYPTO_RSA_PADDING_NONE: > - SET_PKE_LN(cookie->input_array, asym_op- > >rsa.cipher, > + SET_PKE_LN(cookie->input_array, asym_op->rsa.input, > alg_bytesize, 0); > HEXDUMP("RSA ciphertext", cookie->input_array[0], > alg_bytesize); > @@ -469,9 +469,9 @@ rsa_set_priv_input(struct rte_crypto_asym_op > *asym_op, >=20 > } else if (asym_op->rsa.op_type =3D=3D > RTE_CRYPTO_ASYM_OP_SIGN) { > - switch (asym_op->rsa.pad) { > + switch (asym_op->rsa.padding.type) { > case RTE_CRYPTO_RSA_PADDING_NONE: > - SET_PKE_LN(cookie->input_array, asym_op- > >rsa.message, > + SET_PKE_LN(cookie->input_array, asym_op->rsa.input, > alg_bytesize, 0); > HEXDUMP("RSA text to be signed", cookie- > >input_array[0], > alg_bytesize); > @@ -519,7 +519,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op, >=20 > if (asym_op->rsa.op_type =3D=3D > RTE_CRYPTO_ASYM_OP_ENCRYPT) { > - uint8_t *rsa_result =3D asym_op->rsa.cipher.data; > + uint8_t *rsa_result =3D asym_op->rsa.output.data; >=20 > rte_memcpy(rsa_result, > cookie->output_array[0], > @@ -527,9 +527,9 @@ rsa_collect(struct rte_crypto_asym_op *asym_op, > HEXDUMP("RSA Encrypted data", cookie- > >output_array[0], > alg_bytesize); > } else { > - uint8_t *rsa_result =3D asym_op->rsa.cipher.data; > + uint8_t *rsa_result =3D asym_op->rsa.output.data; >=20 > - switch (asym_op->rsa.pad) { > + switch (asym_op->rsa.padding.type) { > case RTE_CRYPTO_RSA_PADDING_NONE: > rte_memcpy(rsa_result, > cookie->output_array[0], > @@ -545,9 +545,9 @@ rsa_collect(struct rte_crypto_asym_op *asym_op, > } > } else { > if (asym_op->rsa.op_type =3D=3D > RTE_CRYPTO_ASYM_OP_DECRYPT) { > - uint8_t *rsa_result =3D asym_op->rsa.message.data; > + uint8_t *rsa_result =3D asym_op->rsa.output.data; >=20 > - switch (asym_op->rsa.pad) { > + switch (asym_op->rsa.padding.type) { > case RTE_CRYPTO_RSA_PADDING_NONE: > rte_memcpy(rsa_result, > cookie->output_array[0], > @@ -561,7 +561,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op, > return RTE_CRYPTO_OP_STATUS_ERROR; > } > } else { > - uint8_t *rsa_result =3D asym_op->rsa.sign.data; > + uint8_t *rsa_result =3D asym_op->rsa.output.data; >=20 > rte_memcpy(rsa_result, > cookie->output_array[0], > diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_a= sym.h > index cd24d4b07b..834e06b96b 100644 > --- a/lib/cryptodev/rte_crypto_asym.h > +++ b/lib/cryptodev/rte_crypto_asym.h > @@ -50,6 +50,19 @@ enum rte_crypto_ec_group { > RTE_CRYPTO_EC_GROUP_SECP521R1 =3D 25, > }; >=20 > +/**< > + * When set, message instead of message digest should be > + * provided as an input for signature generation */ #define > +RTE_CRYPTO_RSA_FLAG_PT /**< [Arek] - this is introduced because drivers may differ in terms what should= be provided as an input to the signature function. OpenSSL even differ in that between versions (i.e. EVP_DigestSign will requ= ire message not digest, and no other option in 3.0). > + * When set, algorithmIdentifier is not added to message digest, > + * therefore not forming digestInfo struct. PKCS1 v1.5 padding > + * is added without further changes. > + */ > +#define RTE_CRYPTO_RSA_FLAG_PKCS1_NO_ASN1 [Arek] - this one I explained some time ago, (example in second patch of th= is series). OpenSSL PMD with current implementation does padding without pr= operly filling DigestInfo struct, but in case something works this way (i.e= . current OpenSSL PMD RSA_private_encrypt) there should be an option. > + > + > /** > * Asymmetric crypto transformation types. > * Each xform type maps to one asymmetric algorithm @@ -118,6 +131,21 @@ > enum rte_crypto_asym_op_type { > RTE_CRYPTO_ASYM_OP_LIST_END > }; >=20 > +enum rte_crypto_mgf { > + RTE_CRYPTO_MGF_DEFAULT, > + /**< Default mask generation function */ > + RTE_CRYPTO_MGF_MGF1_SHA1, > + /**< MGF1 function with SHA1 hash algorithm */ > + RTE_CRYPTO_MGF_MGF1_SHA224, > + /**< MGF1 function with SHA224 hash algorithm */ > + RTE_CRYPTO_MGF_MGF1_SHA256, > + /**< MGF1 function with SHA256 hash algorithm */ > + RTE_CRYPTO_MGF_MGF1_SHA384, > + /**< MGF1 function with SHA384 hash algorithm */ > + RTE_CRYPTO_MGF_MGF1_SHA512, > + /**< MGF1 function with SHA512 hash algorithm */ }; > + [Arek] - this is not that necessary as probably MGF function will no change= in near future but it is more conformant to the standard. > /** > * Padding types for RSA signature. > */ > @@ -162,6 +190,11 @@ enum rte_crypto_rsa_priv_key_type { > * and the device supports CSRNG, 'data' should be set to NULL. > * The crypto parameter in question will not be used by the PMD, > * as it is internally generated. > + * > + * In case an allocated buffer is used to return data from the PMD, > + * i.e. encrypted/decrypted data or signature, it should be allocated > + * with enough memory to hold the expected output. The length field > + will be set > + * with the length of the data returned by the PMD. > */ > typedef struct rte_crypto_param_t { > uint8_t *data; > @@ -170,6 +203,8 @@ typedef struct rte_crypto_param_t { > /**< IO address of data buffer */ > size_t length; > /**< length of data in bytes */ > + uint32_t capacity; > + /**< capacity of this buffer in bytes */ [Arek] - ultimately we could replace it with rte_crypto_vec, but if not I t= hink this could be useful information. > } rte_crypto_param; >=20 > /** Unsigned big-integer in big-endian format */ @@ -311,6 +346,62 @@ > struct rte_crypto_mod_op_param { }; >=20 > /** > + * RSA padding type > + */ [Arek] - I have moved padding to separate struct as there are too many para= meters (some of them lacking in current api), I think this could be easier = readable. Hash right now is used as an input parameter to PKCS1 signature function to= o. > +struct rte_crypto_rsa_padding { > + enum rte_crypto_rsa_padding_type type; > + /**< Type of RSA padding */ > + enum rte_crypto_auth_algorithm hash; [Arek] - unfortunately we cannot have here default as we use this unfortuna= te enum, unless we add new one for asymmetric crypto. > + /**< > + * RSA padding hash function > + * > + * When a specific padding type is selected, the following rules applie= s: > + * - RTE_CRYPTO_RSA_PADDING_NONE: > + * This field is ignored by the PMD > + * > + * - RTE_CRYPTO_RSA_PADDING_PKCS1_5: > + * When signing operation this field is used to determine value > + * of the DigestInfo structure, therefore specifying which algorithm > + * was used to create the message digest. > + * When doing encryption/decryption this field is ignored for this > + * padding type. > + * > + * - RTE_CRYPTO_RSA_PADDING_OAEP > + * This field shall be set with the hash algorithm used > + * in the padding scheme > + * > + * - RTE_CRYPTO_RSA_PADDING_PSS > + * This field shall be set with the hash algorithm used > + * in the padding scheme (and to create the input message digest) > + */ > + enum rte_crypto_mgf mgf; > + /**< > + * RSA padding mask generation function > + * > + * Used only for OAEP and PSS padding, otherwise ignored > + * by the PMD. > + * If RTE_CRYPTO_MGF_DEFAULT is selected, the default mask > generation > + * function defined by RFC standard is used with the hash function > + * selected in the hash field. > + */ > + uint16_t saltlen; > + /**< > + * RSA PSS padding salt length > + * > + * Used only when RTE_CRYPTO_RSA_PADDING_PSS padding is > selected, > + * otherwise ignored. > + */ > + rte_crypto_param label; > + /**< > + * RSA OAEP padding optional label > + * > + * Used only when RTE_CRYPTO_RSA_PADDING_OAEP padding is > selected, > + * otherwise ignored. If label.data =3D=3D NULL, a default label (empty > string) > + * is used. > + */ > +}; > + > +/** > * RSA operation params > * > */ [Arek] - biggest change here is that instead of message, cipher, signature = there is input and output because: 1) Only two of these fields can be used in one operation: 2) Having same fields for input and output for different operations makes i= t more difficult to follow. 3) When SIGN_VERIFY for NONE PADDING (popular case) we should return decryp= ted signature so output is here the best option (unless we will drop verify= option for NONE padding) > @@ -318,72 +409,77 @@ struct rte_crypto_rsa_op_param { > enum rte_crypto_asym_op_type op_type; > /**< Type of RSA operation for transform */ >=20 > - rte_crypto_param message; > + rte_crypto_param input; > /**< > - * Pointer to input data > - * - to be encrypted for RSA public encrypt. > - * - to be signed for RSA sign generation. > - * - to be authenticated for RSA sign verification. > + * When op_type =3D=3D RTE_CRYPTO_ASYM_OP_ENCRYPT: > * > - * Pointer to output data > - * - for RSA private decrypt. > - * In this case the underlying array should have been > - * allocated with enough memory to hold plaintext output > - * (i.e. must be at least RSA key size). The message.length > - * field should be 0 and will be overwritten by the PMD > - * with the decrypted length. > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_NONE > + * input should only be used along with cryptographically > + * secure padding scheme. > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_PKCS1_5 > + * input shall be no longer than public modulus minus 11. > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_OAEP > + * input shall be no longer than public modulus - > + * 2 * len(hash) - 2. > * > - * All data is in Octet-string network byte order format. > - */ > - > - rte_crypto_param cipher; > - /**< > - * Pointer to input data > - * - to be decrypted for RSA private decrypt. > + * When op_type =3D=3D RTE_CRYPTO_ASYM_OP_SIGN: > + * > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_NONE > + * input should only be used along with cryptographically > + * secure padding scheme. * > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_PKCS1_5 or > + * RTE_CRYPTO_RSA_PADDING_PSS > + * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain > + * the message to be signed, if this flag is not set, input shall conta= in > + * the digest of the message to be signed. > * > - * Pointer to output data > - * - for RSA public encrypt. > - * In this case the underlying array should have been allocated > - * with enough memory to hold ciphertext output (i.e. must be > - * at least RSA key size). The cipher.length field should > - * be 0 and will be overwritten by the PMD with the encrypted length. > + * When op_type =3D=3D RTE_CRYPTO_ASYM_OP_DECRYPT: > + * > + * Input shall contain previously encrypted RSA message. > + * > + * When op_type =3D=3D RTE_CRYPTO_ASYM_OP_VERIFY: > + * > + * Input shall contain signature to be verified > * > - * All data is in Octet-string network byte order format. > */ >=20 > - rte_crypto_param sign; > + union { > + rte_crypto_param output; > + rte_crypto_param message; > + }; > /**< > - * Pointer to input data > - * - to be verified for RSA public decrypt. > + * When op_type =3D=3D RTE_CRYPTO_ASYM_OP_ENCRYPT: > + * > + * Output shall contain encrypted data, output.length shall > + * be set to the length of encrypted data. > + * > + * When op_type =3D=3D > RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN: > + * > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_NONE > + * output shall contain decrypted/signed data, but all leading zeros > + * shall be preserved. Therefore output.length should be > + * equal to the length of the modulus. > * > - * Pointer to output data > - * - for RSA private encrypt. > - * In this case the underlying array should have been allocated > - * with enough memory to hold signature output (i.e. must be > - * at least RSA key size). The sign.length field should > - * be 0 and will be overwritten by the PMD with the signature length. > + * For other types of padding, output should contain > + * decrypted data, and output.length shall be set to the length > + * of decrypted data. > + * > + * When op_type =3D=3D RTE_CRYPTO_ASYM_OP_VERIFY: > + * > + * If padding.type =3D RTE_CRYPTO_RSA_PADDING_NONE > + * output shall contain the public key decrypted signature. > + * All leading zeroes shall be preserved. > + * > + * For other padding types, the message should be set with data for the > + * signature to be compared with. > * > - * All data is in Octet-string network byte order format. > */ >=20 > - enum rte_crypto_rsa_padding_type pad; > - /**< RSA padding scheme to be used for transform */ > - > - enum rte_crypto_auth_algorithm md; > - /**< Hash algorithm to be used for data hash if padding > - * scheme is either OAEP or PSS. Valid hash algorithms > - * are: > - * MD5, SHA1, SHA224, SHA256, SHA384, SHA512 > - */ > + struct rte_crypto_rsa_padding padding; > + /**< RSA padding information */ >=20 > - enum rte_crypto_auth_algorithm mgf1md; > - /**< > - * Hash algorithm to be used for mask generation if > - * padding scheme is either OAEP or PSS. If padding > - * scheme is unspecified data hash algorithm is used > - * for mask generation. Valid hash algorithms are: > - * MD5, SHA1, SHA224, SHA256, SHA384, SHA512 > - */ > + uint64_t flags; > + /**< RSA configuration flags */ > }; >=20 > /** > -- > 2.13.6