From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
To: <dev@dpdk.org>
Cc: Anoob Joseph <anoobj@marvell.com>,
Ankur Dwivedi <adwivedi@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>,
Akhil Goyal <gakhil@marvell.com>, <jerinj@marvell.com>,
Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
Subject: [v3] crypto/cnxk: support exponent type private key
Date: Wed, 12 Oct 2022 09:47:22 +0530 [thread overview]
Message-ID: <20221012041722.71766-1-gmuthukrishn@marvell.com> (raw)
In-Reply-To: <20221011111902.4128847-1-gmuthukrishn@marvell.com>
This patch adds support for RTE_RSA_KEY_TYPE_EXP in cnxk crypto
driver.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
--
v3:
- .ini updates.
v2:
- new function to handle exp type priv key.
---
doc/guides/cryptodevs/features/cn10k.ini | 2 +
doc/guides/cryptodevs/features/cn9k.ini | 2 +
drivers/crypto/cnxk/cnxk_ae.h | 112 +++++++++++++++++++----
drivers/crypto/cnxk/cnxk_cryptodev.c | 1 +
4 files changed, 97 insertions(+), 20 deletions(-)
diff --git a/doc/guides/cryptodevs/features/cn10k.ini b/doc/guides/cryptodevs/features/cn10k.ini
index 166fca5adb..6e4e0e0095 100644
--- a/doc/guides/cryptodevs/features/cn10k.ini
+++ b/doc/guides/cryptodevs/features/cn10k.ini
@@ -14,6 +14,8 @@ OOP SGL In LB Out = Y
OOP SGL In SGL Out = Y
OOP LB In LB Out = Y
Symmetric sessionless = Y
+RSA PRIV OP KEY EXP = Y
+RSA PRIV OP KEY QT = Y
Digest encrypted = Y
Inner checksum = Y
diff --git a/doc/guides/cryptodevs/features/cn9k.ini b/doc/guides/cryptodevs/features/cn9k.ini
index c3d131db1a..f9c896f6bd 100644
--- a/doc/guides/cryptodevs/features/cn9k.ini
+++ b/doc/guides/cryptodevs/features/cn9k.ini
@@ -14,6 +14,8 @@ OOP SGL In LB Out = Y
OOP SGL In SGL Out = Y
OOP LB In LB Out = Y
Symmetric sessionless = Y
+RSA PRIV OP KEY EXP = Y
+RSA PRIV OP KEY QT = Y
Digest encrypted = Y
;
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 4a7ce0bf40..adf719da73 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -82,20 +82,31 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
struct rte_crypto_rsa_priv_key_qt qt = xform->rsa.qt;
struct rte_crypto_rsa_xform *xfrm_rsa = &xform->rsa;
struct rte_crypto_rsa_xform *rsa = &sess->rsa_ctx;
+ struct rte_crypto_param_t d = xform->rsa.d;
size_t mod_len = xfrm_rsa->n.length;
size_t exp_len = xfrm_rsa->e.length;
uint64_t total_size;
size_t len = 0;
- if (qt.p.length != 0 && qt.p.data == NULL)
- return -EINVAL;
+ /* Set private key type */
+ rsa->key_type = xfrm_rsa->key_type;
+
+ if (rsa->key_type == RTE_RSA_KEY_TYPE_QT) {
+ if (qt.p.length != 0 && qt.p.data == NULL)
+ return -EINVAL;
+
+ /* Make sure key length used is not more than mod_len/2 */
+ if (qt.p.data != NULL)
+ len = (((mod_len / 2) < qt.p.length) ? 0 : qt.p.length * 5);
+ } else if (rsa->key_type == RTE_RSA_KEY_TYPE_EXP) {
+ if (d.length != 0 && d.data == NULL)
+ return -EINVAL;
- /* Make sure key length used is not more than mod_len/2 */
- if (qt.p.data != NULL)
- len = (((mod_len / 2) < qt.p.length) ? 0 : qt.p.length);
+ len = d.length;
+ }
/* Total size required for RSA key params(n,e,(q,dQ,p,dP,qInv)) */
- total_size = mod_len + exp_len + 5 * len;
+ total_size = mod_len + exp_len + len;
/* Allocate buffer to hold all RSA keys */
rsa->n.data = rte_malloc(NULL, total_size, 0);
@@ -107,8 +118,8 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
rsa->e.data = rsa->n.data + mod_len;
memcpy(rsa->e.data, xfrm_rsa->e.data, exp_len);
- /* Private key in quintuple format */
- if (len != 0) {
+ if (rsa->key_type == RTE_RSA_KEY_TYPE_QT) {
+ /* Private key in quintuple format */
rsa->qt.q.data = rsa->e.data + exp_len;
memcpy(rsa->qt.q.data, qt.q.data, qt.q.length);
rsa->qt.dQ.data = rsa->qt.q.data + qt.q.length;
@@ -126,6 +137,11 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
rsa->qt.p.length = qt.p.length;
rsa->qt.dP.length = qt.dP.length;
rsa->qt.qInv.length = qt.qInv.length;
+ } else if (rsa->key_type == RTE_RSA_KEY_TYPE_EXP) {
+ /* Private key in exponent format */
+ rsa->d.data = rsa->e.data + exp_len;
+ memcpy(rsa->d.data, d.data, d.length);
+ rsa->d.length = d.length;
}
rsa->n.length = mod_len;
rsa->e.length = exp_len;
@@ -316,10 +332,64 @@ cnxk_ae_rsa_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
inst->rptr = (uintptr_t)dptr;
}
+static __rte_always_inline void
+cnxk_ae_rsa_exp_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
+ struct rte_crypto_rsa_xform *rsa, rte_crypto_param *crypto_param,
+ struct cpt_inst_s *inst)
+{
+ struct rte_crypto_rsa_op_param rsa_op;
+ uint32_t privkey_len = rsa->d.length;
+ uint32_t mod_len = rsa->n.length;
+ union cpt_inst_w4 w4;
+ uint32_t in_size;
+ uint32_t dlen;
+ uint8_t *dptr;
+
+ rsa_op = op->asym->rsa;
+
+ /* Input buffer */
+ dptr = meta_buf->vaddr;
+ inst->dptr = (uintptr_t)dptr;
+ memcpy(dptr, rsa->n.data, mod_len);
+ dptr += mod_len;
+ memcpy(dptr, rsa->d.data, privkey_len);
+ dptr += privkey_len;
+
+ in_size = crypto_param->length;
+ memcpy(dptr, crypto_param->data, in_size);
+
+ dptr += in_size;
+ dlen = mod_len + privkey_len + in_size;
+
+ if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
+ /* Use mod_exp operation for no_padding type */
+ w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX;
+ w4.s.param2 = privkey_len;
+ } else {
+ if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+ w4.s.opcode_minor = ROC_AE_MINOR_OP_PKCS_ENC;
+ /* Private key encrypt (exponent), use BT1*/
+ w4.s.param2 = ROC_AE_CPT_BLOCK_TYPE1 | ((uint16_t)(privkey_len) << 1);
+ } else if (rsa_op.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+ w4.s.opcode_minor = ROC_AE_MINOR_OP_PKCS_DEC;
+ /* Private key decrypt (exponent), use BT2 */
+ w4.s.param2 = ROC_AE_CPT_BLOCK_TYPE2;
+ }
+ }
+
+ w4.s.opcode_major = ROC_AE_MAJOR_OP_MODEX;
+
+ w4.s.param1 = mod_len;
+ w4.s.dlen = dlen;
+
+ inst->w4.u64 = w4.u64;
+ inst->rptr = (uintptr_t)dptr;
+}
+
static __rte_always_inline void
cnxk_ae_rsa_crt_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
- struct rte_crypto_rsa_xform *rsa,
- rte_crypto_param *crypto_param, struct cpt_inst_s *inst)
+ struct rte_crypto_rsa_xform *rsa, rte_crypto_param *crypto_param,
+ struct cpt_inst_s *inst)
{
uint32_t qInv_len = rsa->qt.qInv.length;
struct rte_crypto_rsa_op_param rsa_op;
@@ -374,28 +444,30 @@ cnxk_ae_rsa_crt_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
}
static __rte_always_inline int __rte_hot
-cnxk_ae_enqueue_rsa_op(struct rte_crypto_op *op,
- struct roc_ae_buf_ptr *meta_buf,
+cnxk_ae_enqueue_rsa_op(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf,
struct cnxk_ae_sess *sess, struct cpt_inst_s *inst)
{
struct rte_crypto_rsa_op_param *rsa = &op->asym->rsa;
+ struct rte_crypto_rsa_xform *ctx = &sess->rsa_ctx;
switch (rsa->op_type) {
case RTE_CRYPTO_ASYM_OP_VERIFY:
- cnxk_ae_rsa_prep(op, meta_buf, &sess->rsa_ctx, &rsa->sign,
- inst);
+ cnxk_ae_rsa_prep(op, meta_buf, ctx, &rsa->sign, inst);
break;
case RTE_CRYPTO_ASYM_OP_ENCRYPT:
- cnxk_ae_rsa_prep(op, meta_buf, &sess->rsa_ctx, &rsa->message,
- inst);
+ cnxk_ae_rsa_prep(op, meta_buf, ctx, &rsa->message, inst);
break;
case RTE_CRYPTO_ASYM_OP_SIGN:
- cnxk_ae_rsa_crt_prep(op, meta_buf, &sess->rsa_ctx,
- &rsa->message, inst);
+ if (ctx->key_type == RTE_RSA_KEY_TYPE_QT)
+ cnxk_ae_rsa_crt_prep(op, meta_buf, ctx, &rsa->message, inst);
+ else
+ cnxk_ae_rsa_exp_prep(op, meta_buf, ctx, &rsa->message, inst);
break;
case RTE_CRYPTO_ASYM_OP_DECRYPT:
- cnxk_ae_rsa_crt_prep(op, meta_buf, &sess->rsa_ctx, &rsa->cipher,
- inst);
+ if (ctx->key_type == RTE_RSA_KEY_TYPE_QT)
+ cnxk_ae_rsa_crt_prep(op, meta_buf, ctx, &rsa->cipher, inst);
+ else
+ cnxk_ae_rsa_exp_prep(op, meta_buf, ctx, &rsa->cipher, inst);
break;
default:
op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
diff --git a/drivers/crypto/cnxk/cnxk_cryptodev.c b/drivers/crypto/cnxk/cnxk_cryptodev.c
index d67de54a7b..35635f7831 100644
--- a/drivers/crypto/cnxk/cnxk_cryptodev.c
+++ b/drivers/crypto/cnxk/cnxk_cryptodev.c
@@ -15,6 +15,7 @@ cnxk_cpt_default_ff_get(void)
RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_HW_ACCELERATED |
RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT |
+ RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP |
RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
RTE_CRYPTODEV_FF_IN_PLACE_SGL |
RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
--
2.25.1
next prev parent reply other threads:[~2022-10-12 4:17 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-27 8:00 [v1] " Gowrishankar Muthukrishnan
2022-10-07 12:56 ` Akhil Goyal
2022-10-11 11:19 ` [v2] " Gowrishankar Muthukrishnan
2022-10-12 4:17 ` Gowrishankar Muthukrishnan [this message]
2022-10-12 6:35 ` [v3] " Anoob Joseph
2022-10-12 18:49 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221012041722.71766-1-gmuthukrishn@marvell.com \
--to=gmuthukrishn@marvell.com \
--cc=adwivedi@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=jerinj@marvell.com \
--cc=ktejasree@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).