From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
To: <dev@dpdk.org>
Cc: <anoobj@marvell.com>, Akhil Goyal <gakhil@marvell.com>,
Fan Zhang <fanzhang.oss@gmail.com>, Kai Ji <kai.ji@intel.com>,
"Gowrishankar Muthukrishnan" <gmuthukrishn@marvell.com>
Subject: [PATCH v1 2/3] crypto/openssl: add EDDSA support
Date: Wed, 29 Nov 2023 21:40:35 +0530 [thread overview]
Message-ID: <03d11c7c6e1e523784dd2a745169e75e466802c1.1701273963.git.gmuthukrishn@marvell.com> (raw)
In-Reply-To: <0ae6a1afadac64050d80b0fd7712c4a6a8599e2c.1701273963.git.gmuthukrishn@marvell.com>
Add EDDSA support in OpenSSL PMD.
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
For openssl library support, refer:
https://github.com/openssl/openssl/commit/4f8b7c2319523f8e83b8b2fa31127832fa092552
---
drivers/crypto/openssl/openssl_pmd_private.h | 6 +
drivers/crypto/openssl/rte_openssl_pmd.c | 165 +++++++++++++++++++
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 80 +++++++++
3 files changed, 251 insertions(+)
diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h
index 334912d335..7061a1b85b 100644
--- a/drivers/crypto/openssl/openssl_pmd_private.h
+++ b/drivers/crypto/openssl/openssl_pmd_private.h
@@ -212,6 +212,12 @@ struct openssl_asym_session {
OSSL_PARAM * params;
#endif
} sm2;
+ struct {
+ uint8_t curve_id;
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+ OSSL_PARAM *params;
+#endif
+ } eddsa;
} u;
} __rte_cache_aligned;
/** Set and validate OPENSSL crypto session parameters */
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index e8cb09defc..61c1f95202 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2890,6 +2890,155 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
return ret;
}
+static int
+process_openssl_eddsa_op_evp(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ static const char * const instance[] = {"Ed25519", "Ed25519ctx", "Ed25519ph",
+ "Ed448", "Ed448ph"};
+ EVP_PKEY_CTX *kctx = NULL, *sctx = NULL, *cctx = NULL;
+ const uint8_t curve_id = sess->u.eddsa.curve_id;
+ struct rte_crypto_asym_op *op = cop->asym;
+ OSSL_PARAM *params = sess->u.eddsa.params;
+ OSSL_PARAM_BLD *iparam_bld = NULL;
+ OSSL_PARAM *iparams = NULL;
+ uint8_t signbuf[128] = {0};
+ EVP_MD_CTX *md_ctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ size_t signlen;
+ int ret = -1;
+
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
+ iparam_bld = OSSL_PARAM_BLD_new();
+ if (!iparam_bld)
+ goto err_eddsa;
+
+ OSSL_PARAM_BLD_push_octet_string(iparam_bld, "context-string",
+ op->eddsa.context.data, op->eddsa.context.length);
+
+ OSSL_PARAM_BLD_push_utf8_string(iparam_bld, "instance",
+ instance[op->eddsa.instance], strlen(instance[op->eddsa.instance]));
+
+ iparams = OSSL_PARAM_BLD_to_param(iparam_bld);
+ if (!iparams)
+ goto err_eddsa;
+
+ switch (op->eddsa.op_type) {
+ case RTE_CRYPTO_ASYM_OP_SIGN:
+ {
+ if (curve_id == RTE_CRYPTO_EC_GROUP_ED25519)
+ kctx = EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
+ else
+ kctx = EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL);
+
+ if (kctx == NULL || EVP_PKEY_fromdata_init(kctx) <= 0 ||
+ EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
+ goto err_eddsa;
+
+ md_ctx = EVP_MD_CTX_new();
+ if (!md_ctx)
+ goto err_eddsa;
+
+ sctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
+ if (!sctx)
+ goto err_eddsa;
+
+ EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
+
+#if (OPENSSL_VERSION_NUMBER >= 0x30300000L)
+ if (!EVP_DigestSignInit_ex(md_ctx, NULL, NULL, NULL, NULL, pkey, iparams))
+ goto err_eddsa;
+#else
+ if (op->eddsa.instance == RTE_CRYPTO_EDCURVE_25519 ||
+ op->eddsa.instance == RTE_CRYPTO_EDCURVE_448) {
+ if (!EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, pkey))
+ goto err_eddsa;
+ } else
+ goto err_eddsa;
+#endif
+
+ if (!EVP_DigestSign(md_ctx, NULL, &signlen, op->eddsa.message.data,
+ op->eddsa.message.length))
+ goto err_eddsa;
+
+ if (signlen > RTE_DIM(signbuf))
+ goto err_eddsa;
+
+ if (!EVP_DigestSign(md_ctx, signbuf, &signlen, op->eddsa.message.data,
+ op->eddsa.message.length))
+ goto err_eddsa;
+
+ memcpy(op->eddsa.sign.data, &signbuf[0], signlen);
+ op->eddsa.sign.length = signlen;
+ }
+ break;
+ case RTE_CRYPTO_ASYM_OP_VERIFY:
+ {
+ if (curve_id == RTE_CRYPTO_EC_GROUP_ED25519)
+ kctx = EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
+ else
+ kctx = EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL);
+
+ if (kctx == NULL || EVP_PKEY_fromdata_init(kctx) <= 0 ||
+ EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_PUBLIC_KEY, params) <= 0)
+ goto err_eddsa;
+
+ md_ctx = EVP_MD_CTX_new();
+ if (!md_ctx)
+ goto err_eddsa;
+
+ sctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
+ if (!sctx)
+ goto err_eddsa;
+
+ EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
+
+#if (OPENSSL_VERSION_NUMBER >= 0x30300000L)
+ if (!EVP_DigestVerifyInit_ex(md_ctx, NULL, NULL, NULL, NULL, pkey, iparams))
+ goto err_eddsa;
+#else
+ if (op->eddsa.instance == RTE_CRYPTO_EDCURVE_25519 ||
+ op->eddsa.instance == RTE_CRYPTO_EDCURVE_448) {
+ if (!EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, pkey))
+ goto err_eddsa;
+ } else
+ goto err_eddsa;
+#endif
+
+ signlen = op->eddsa.sign.length;
+ memcpy(&signbuf[0], op->eddsa.sign.data, op->eddsa.sign.length);
+
+ ret = EVP_DigestVerify(md_ctx, signbuf, signlen, op->eddsa.message.data,
+ op->eddsa.message.length);
+ if (ret == 0)
+ goto err_eddsa;
+ }
+ break;
+ default:
+ /* allow ops with invalid args to be pushed to
+ * completion queue
+ */
+ cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ goto err_eddsa;
+ }
+
+ ret = 0;
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+err_eddsa:
+ OSSL_PARAM_BLD_free(iparam_bld);
+
+ if (sctx)
+ EVP_PKEY_CTX_free(sctx);
+
+ if (cctx)
+ EVP_PKEY_CTX_free(cctx);
+
+ if (pkey)
+ EVP_PKEY_free(pkey);
+
+ return ret;
+}
#else
static int
process_openssl_rsa_op(struct rte_crypto_op *cop,
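Review bot: In the RTE_CRYPTO_ASYM_OP_VERIFY case, `memcpy(&signbuf[0], op->eddsa.sign.data, op->eddsa.sign.length)` copies a caller-supplied length into the 128-byte stack buffer with no bound, and the `if (ret == 0)` test after `EVP_DigestVerify()` lets a negative (error) return fall through to `RTE_CRYPTO_OP_STATUS_SUCCESS`, although only a return of 1 means the signature verified. `instance[op->eddsa.instance]` is likewise indexed near the top of the function before the value is checked against the five-entry table. On the cleanup path `iparams`, `md_ctx` and `kctx` are never released, while `cctx` is freed but never assigned, so every op leaks OpenSSL objects. The excerpt below bounds the index and the signature length, accepts only a return of 1, and frees the missing objects; a failed verify then returns -1 like the other error paths, which should be checked against what process_asym_op expects from the return value.

```c
	/* … unchanged: declarations, status preset, iparam_bld allocation … */

	/* instance is taken from the op, so bound it before indexing the table */
	if (op->eddsa.instance >= RTE_DIM(instance))
		goto err_eddsa;

	/* … unchanged: param pushes, sign case, verify key import and init … */

		/* reject lengths that would overrun the stack buffer */
		if (op->eddsa.sign.length > RTE_DIM(signbuf))
			goto err_eddsa;

		signlen = op->eddsa.sign.length;
		memcpy(&signbuf[0], op->eddsa.sign.data, signlen);

		/* 1 is the only "verified" result; 0 and negative values are failures */
		if (EVP_DigestVerify(md_ctx, signbuf, signlen, op->eddsa.message.data,
				op->eddsa.message.length) != 1)
			goto err_eddsa;

	/* … unchanged: default case, success status … */

err_eddsa:
	OSSL_PARAM_BLD_free(iparam_bld);
	OSSL_PARAM_free(iparams);
	/* md_ctx does not own sctx, so release it before the caller-owned contexts */
	EVP_MD_CTX_free(md_ctx);
	EVP_PKEY_CTX_free(kctx);
	/* … unchanged: sctx and pkey release, return ret … */
```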
@@ -2998,6 +3147,15 @@ process_openssl_sm2_op(struct rte_crypto_op *cop,
RTE_SET_USED(sess);
return -ENOTSUP;
}
+
+static int
+process_openssl_eddsa_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ RTE_SET_USED(cop);
+ RTE_SET_USED(sess);
+ return -ENOTSUP;
+}
#endif
static int
@@ -3053,6 +3211,13 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op,
retval = process_openssl_sm2_op_evp(op, sess);
#else
retval = process_openssl_sm2_op(op, sess);
+#endif
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_EDDSA:
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+ retval = process_openssl_eddsa_op_evp(op, sess);
+#else
+ retval = process_openssl_eddsa_op(op, sess);
#endif
break;
default:
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index b16baaa08f..36c4c68da9 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -610,6 +610,20 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
}
}
},
+ { /* EDDSA */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_EDDSA,
+ .hash_algos = (1 << RTE_CRYPTO_AUTH_SHA512 |
+ 1 << RTE_CRYPTO_AUTH_SHAKE_256),
+ .op_types =
+ ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
+ }
+ }
+ }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
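Review bot: `1 << RTE_CRYPTO_AUTH_SHAKE_256` in `.hash_algos` shifts a plain `int`, which is undefined once the enumerator's value reaches 31; the enum values are not visible in this hunk, so this needs checking against the auth-algorithm enum. Building the mask from a 64-bit constant avoids the question, e.g. `.hash_algos = (1ULL << RTE_CRYPTO_AUTH_SHA512 | 1ULL << RTE_CRYPTO_AUTH_SHAKE_256),`, assuming `hash_algos` is a 64-bit field. As far as this hunk shows, the entry is also advertised unconditionally, while session setup returns -ENOTSUP for OpenSSL older than 3.0 and the op path rejects every instance except the two pure ones before 3.3, so applications may be offered a capability the build cannot honour.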
@@ -1413,6 +1427,66 @@ static int openssl_set_asym_session_parameters(
#else
OPENSSL_LOG(WARNING, "SM2 unsupported for OpenSSL Version < 3.0");
return -ENOTSUP;
+#endif
+ }
+ case RTE_CRYPTO_ASYM_XFORM_EDDSA:
+ {
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+ OSSL_PARAM_BLD *param_bld = NULL;
+ OSSL_PARAM *params = NULL;
+ int ret = -1;
+
+ asym_session->u.eddsa.curve_id = xform->ec.curve_id;
+
+ param_bld = OSSL_PARAM_BLD_new();
+ if (!param_bld) {
+ OPENSSL_LOG(ERR, "failed to allocate params\n");
+ goto err_eddsa;
+ }
+
+ ret = OSSL_PARAM_BLD_push_utf8_string(param_bld,
+ OSSL_PKEY_PARAM_GROUP_NAME, "ED25519", sizeof("ED25519"));
+ if (!ret) {
+ OPENSSL_LOG(ERR, "failed to push params\n");
+ goto err_eddsa;
+ }
+
+ ret = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
+ xform->ec.pkey.data, xform->ec.pkey.length);
+ if (!ret) {
+ OPENSSL_LOG(ERR, "failed to push params\n");
+ goto err_eddsa;
+ }
+
+ ret = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PKEY_PARAM_PUB_KEY,
+ xform->ec.qcomp.data, xform->ec.qcomp.length);
+ if (!ret) {
+ OPENSSL_LOG(ERR, "failed to push params\n");
+ goto err_eddsa;
+ }
+
+ params = OSSL_PARAM_BLD_to_param(param_bld);
+ if (!params) {
+ OPENSSL_LOG(ERR, "failed to push params\n");
+ goto err_eddsa;
+ }
+
+ asym_session->u.eddsa.params = params;
+ OSSL_PARAM_BLD_free(param_bld);
+
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_EDDSA;
+ break;
+err_eddsa:
+ if (param_bld)
+ OSSL_PARAM_BLD_free(param_bld);
+
+ if (asym_session->u.eddsa.params)
+ OSSL_PARAM_free(asym_session->u.eddsa.params);
+
+ return -1;
+#else
+ OPENSSL_LOG(WARNING, "EDDSA unsupported for OpenSSL Version < 3.0");
+ return -ENOTSUP;
#endif
}
default:
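Review bot: The group name pushed into the session params is always `"ED25519"`, even when `xform->ec.curve_id` selects the other curve, and `curve_id` is stored without validation, so the op path's `else` branch treats any value other than RTE_CRYPTO_EC_GROUP_ED25519 as Ed448. Deriving the name from the curve, `const char *grp = xform->ec.curve_id == RTE_CRYPTO_EC_GROUP_ED25519 ? "ED25519" : "ED448";`, and rejecting unsupported curve ids up front would keep session setup and op processing in agreement. Every `goto err_eddsa` is taken before `asym_session->u.eddsa.params` is assigned, so the `OSSL_PARAM_free()` under that label acts on whatever the union already held rather than on anything this case allocated; dropping it looks safer unless the session is guaranteed to be zeroed. The failure branch after `OSSL_PARAM_BLD_to_param()` also logs "failed to push params", which would read better as a distinct message. The enclosing function, openssl_set_asym_session_parameters, starts and ends outside this hunk.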
@@ -1511,6 +1585,12 @@ static void openssl_reset_asym_session(struct openssl_asym_session *sess)
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
OSSL_PARAM_free(sess->u.sm2.params);
#endif
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_EDDSA:
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+ OSSL_PARAM_free(sess->u.eddsa.params);
+#endif
+ break;
default:
break;
}
--
2.25.1