* [dpdk-dev] [PATCH v1 1/3] lib/cryptodev: add unit testcase for asym crypto
2018-04-03 10:31 [dpdk-dev] [PATCH v1 0/3]cryptodev: add unit tests and PMD for asym crypto Shally Verma
@ 2018-04-03 10:31 ` Shally Verma
2018-04-03 10:31 ` [dpdk-dev] [PATCH v1 2/3] crypto/openssl: add asym crypto support Shally Verma
2018-04-03 10:31 ` [dpdk-dev] [PATCH v1 3/3] doc: add asym crypto in cryptodev programmer guide Shally Verma
2 siblings, 0 replies; 4+ messages in thread
From: Shally Verma @ 2018-04-03 10:31 UTC (permalink / raw)
To: pablo.de.lara.guarch
Cc: declan.doherty, fiona.trahe, pathreya, ssahu, agupta, dev,
Sunila Sahu, Ashish Gupta
Initial unit test case to test openssl PMD asym crypto
operations. Test case invoke asymmetric operation on DPDK
Openssl PMD and cross-verify results via Openssl SW library.
Tests have been verified with openssl 1.0.2m release.
Tested for:
* RSA Encrypt, Decrypt, Sign and Verify using pre-defined
test vectors
* Modular Inversion and Exponentiation using pre-defined
test vectors
* Deiffie-Hellman Public key generation using pre-defined
private key and dynamically generated test vectors
* Deffie-hellman private key generation using dynamically
generated test vectors
* Deffie-hellman private and public key pair generation
using xform chain and using dynamically generated test
vectors
* Deffie-hellman shared secret compute using dynamically
generated test vectors
* DSA Sign and Verification
Deffie-hellman testcases use run-time generated test params,
thus may take some time for execution.
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
---
test/test/Makefile | 3 +-
test/test/test_cryptodev_asym.c | 1785 +++++++++++++++++++++++++++++++++++++++
2 files changed, 1787 insertions(+), 1 deletion(-)
diff --git a/test/test/Makefile b/test/test/Makefile
index a88cc38bf..04ab52265 100644
--- a/test/test/Makefile
+++ b/test/test/Makefile
@@ -180,6 +180,7 @@ SRCS-$(CONFIG_RTE_LIBRTE_PMD_RING) += test_pmd_ring_perf.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_blockcipher.c
SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev.c
+SRCS-$(CONFIG_RTE_LIBRTE_CRYPTODEV) += test_cryptodev_asym.c
ifeq ($(CONFIG_RTE_LIBRTE_EVENTDEV),y)
SRCS-y += test_eventdev.c
@@ -200,7 +201,7 @@ CFLAGS += $(WERROR_FLAGS)
CFLAGS += -D_GNU_SOURCE
-LDLIBS += -lm
+LDLIBS += -lm -lcrypto
# Disable VTA for memcpy test
ifeq ($(CONFIG_RTE_TOOLCHAIN_GCC),y)
diff --git a/test/test/test_cryptodev_asym.c b/test/test/test_cryptodev_asym.c
new file mode 100644
index 000000000..5f15d10c5
--- /dev/null
+++ b/test/test/test_cryptodev_asym.c
@@ -0,0 +1,1785 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2017-2018 Cavium Networks
+ */
+
+#include <rte_common.h>
+#include <rte_hexdump.h>
+#include <rte_mbuf.h>
+#include <rte_malloc.h>
+#include <rte_memcpy.h>
+#include <rte_pause.h>
+#include <rte_bus_vdev.h>
+
+#include <rte_crypto.h>
+#include <rte_cryptodev.h>
+#include <rte_cryptodev_pmd.h>
+#include <openssl/ssl.h>
+
+#include "test.h"
+#include "test_cryptodev.h"
+
+#define TEST_DATA_SIZE 4096
+#define TEST_NUM_BUFS 10
+#define TEST_NUM_SESSIONS 4
+#define ASYM_TEST_MSG_LEN 256
+#define TEST_DH_MOD_LEN 1024
+
+static int gbl_driver_id;
+struct crypto_testsuite_params {
+ struct rte_mempool *op_mpool;
+ struct rte_mempool *session_mpool;
+ struct rte_cryptodev_config conf;
+ struct rte_cryptodev_qp_conf qp_conf;
+ uint8_t valid_devs[RTE_CRYPTO_MAX_DEVS];
+ uint8_t valid_dev_count;
+};
+
+struct crypto_unittest_params {
+ struct rte_cryptodev_asym_session *sess;
+ struct rte_crypto_op *op;
+};
+
+static struct crypto_testsuite_params testsuite_params = { NULL };
+
+struct rsa_test_data {
+ enum rte_crypto_asym_op_type op_type;
+
+ struct {
+ uint8_t data[TEST_DATA_SIZE];
+ unsigned int len;
+ } plainText;
+ struct {
+ uint8_t data[TEST_DATA_SIZE];
+ unsigned int len;
+ } encryptedText;
+ struct {
+ uint8_t data[TEST_DATA_SIZE];
+ unsigned int len;
+ } signText;
+};
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wcast-qual"
+
+static unsigned char base[] = { 0xF8, 0xBA, 0x1A, 0x55, 0xD0, 0x2F, 0x85,
+ 0xAE, 0x96, 0x7B, 0xB6, 0x2F, 0xB6, 0xCD,
+ 0xA8, 0xEB, 0x7E, 0x78, 0xA0, 0x50 };
+
+static struct rsa_test_data rsa_test_case = {
+ .op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT,
+ .plainText = {
+ .data = {
+ 0xF8, 0xBA, 0x1A, 0x55, 0xD0, 0x2F, 0x85, 0xAE,
+ 0x96, 0x7B, 0xB6, 0x2F, 0xB6, 0xCD, 0xA8, 0xEB,
+ 0x7E, 0x78, 0xA0, 0x50
+ },
+ .len = 20
+ },
+ .encryptedText = {
+ .data = {
+ 0x4B, 0x22, 0x88, 0xF1, 0x91, 0x5A, 0x6A, 0xCC,
+ 0x75, 0xD6, 0x40, 0xE3, 0x58, 0xCA, 0xC8, 0x70,
+ 0x9B, 0x2B, 0xC7, 0x36, 0x1F, 0xAE, 0x38, 0xF3,
+ 0x97, 0xA6, 0xEE, 0xA7, 0xDB, 0xFF, 0x9F, 0x09,
+ 0x73, 0x1A, 0x2F, 0x01, 0xFA, 0xAF, 0x77, 0x09,
+ 0xE1, 0x8D, 0x3E, 0x2D, 0x1D, 0x45, 0x15, 0x66,
+ 0xE1, 0x79, 0xD7, 0xC6, 0x94, 0x1D, 0x54, 0xBF,
+ 0xDD, 0xAB, 0x46, 0x34, 0xC7, 0x55, 0x62, 0x5B,
+ 0x9D, 0xBD, 0x28, 0xDB, 0x46, 0x0D, 0x2D, 0x3D,
+ 0x41, 0x46, 0xDA, 0x45, 0x31, 0x78, 0xD5, 0xE7,
+ 0x2C, 0xA4, 0x1F, 0x73, 0xBE, 0x62, 0x41, 0x2C,
+ 0x5C, 0x8D, 0x0D, 0xFA, 0xCC, 0x4C, 0xC1, 0x69,
+ 0x90, 0xC9, 0x50, 0x21, 0x20, 0x90, 0x72, 0x70,
+ 0x55, 0xA0, 0x25, 0x11, 0x5B, 0x96, 0x96, 0x07,
+ 0x98, 0x90, 0x10, 0x81, 0x9E, 0x32, 0x16, 0x02,
+ 0x6F, 0x52, 0xCF, 0xDB, 0x57, 0x9C, 0x57, 0xD2
+ },
+ .len = 128
+ },
+ .signText = {
+ .data = {
+ 0x2F, 0x42, 0xB3, 0xB1, 0x7F, 0xA8, 0x66, 0x00,
+ 0xC6, 0xB4, 0x7D, 0x12, 0x67, 0x5F, 0x94, 0xF7,
+ 0x25, 0xD6, 0x7E, 0x14, 0xE4, 0xC2, 0x63, 0xB2,
+ 0xDC, 0x1B, 0x13, 0xC0, 0xDA, 0xDA, 0x0D, 0x32,
+ 0x9B, 0xF4, 0x8A, 0x62, 0x90, 0xE7, 0xB3, 0xF3,
+ 0xBB, 0x5A, 0xAB, 0x5F, 0xF8, 0xAF, 0xF4, 0x19,
+ 0x0D, 0xA5, 0x66, 0x25, 0x95, 0x69, 0x57, 0x43,
+ 0x87, 0x44, 0xB0, 0x92, 0x1A, 0x39, 0xA6, 0x97,
+ 0x06, 0xFD, 0xF3, 0x20, 0x72, 0xFB, 0xEA, 0xEF,
+ 0xCF, 0xD1, 0x88, 0xCA, 0x23, 0x26, 0xA9, 0xA9,
+ 0x22, 0xCD, 0xA0, 0x10, 0xF9, 0x14, 0x28, 0xC7,
+ 0x0E, 0x82, 0xE1, 0xCD, 0xC3, 0x31, 0x0F, 0x75,
+ 0x6D, 0x69, 0xCD, 0x55, 0x30, 0xA3, 0x26, 0xCB,
+ 0xF8, 0xBC, 0xF3, 0xC5, 0xFA, 0xD7, 0x7E, 0x51,
+ 0x81, 0xC9, 0x5C, 0x9F, 0x2A, 0x40, 0x40, 0x83,
+ 0xB3, 0xBA, 0xDB, 0x94, 0x2D, 0x31, 0x1C, 0xF8
+
+ },
+ .len = 128
+ }
+};
+
+/** rsa xform using exponent key */
+struct rte_crypto_asym_xform rsa_xform = {
+ .next = NULL,
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
+ .rsa = {
+ .n = {
+ .data =
+ (uint8_t *)
+ ("\x00\xb3\xa1\xaf\xb7\x13\x08\x00\x0a\x35\xdc\x2b\x20\x8d"
+ "\xa1\xb5\xce\x47\x8a\xc3\x80\xf4\x7d\x4a\xa2\x62\xfd\x61\x7f"
+ "\xb5\xa8\xde\x0a\x17\x97\xa0\xbf\xdf\x56\x5a\x3d\x51\x56\x4f"
+ "\x70\x70\x3f\x63\x6a\x44\x5b\xad\x84\x0d\x3f\x27\x6e\x3b\x34"
+ "\x91\x60\x14\xb9\xaa\x72\xfd\xa3\x64\xd2\x03\xa7\x53\x87\x9e"
+ "\x88\x0b\xc1\x14\x93\x1a\x62\xff\xb1\x5d\x74\xcd\x59\x63\x18"
+ "\x11\x3d\x4f\xba\x75\xd4\x33\x4e\x23\x6b\x7b\x57\x44\xe1\xd3"
+ "\x03\x13\xa6\xf0\x8b\x60\xb0\x9e\xee\x75\x08\x9d\x71\x63\x13"
+ "\xcb\xa6\x81\x92\x14\x03\x22\x2d\xde\x55"),
+ .length = 129
+ },
+ .e = {
+ .data = (uint8_t *)("\x01\x00\x01"),
+ .length = 3
+ },
+ .key_type = RTE_RSA_KEY_TYPE_EXP,
+ {
+ .d = {
+ .data =
+ (uint8_t *)
+ ("\x24\xd7\xea\xf4\x7f\xe0\xca\x31\x4d\xee\xc4\xa1\xbe\xab\x06"
+ "\x61\x32\xe7\x51\x46\x27\xdf\x72\xe9\x6f\xa8\x4c\xd1\x26\xef"
+ "\x65\xeb\x67\xff\x5f\xa7\x3b\x25\xb9\x08\x8e\xa0\x47\x56\xe6"
+ "\x8e\xf9\xd3\x18\x06\x3d\xc6\xb1\xf8\xdc\x1b\x8d\xe5\x30\x54"
+ "\x26\xac\x16\x3b\x7b\xad\x46\x9e\x21\x6a\x57\xe6\x81\x56\x1d"
+ "\x2a\xc4\x39\x63\x67\x81\x2c\xca\xcc\xf8\x42\x04\xbe\xcf\x8f"
+ "\x6c\x5b\x81\x46\xb9\xc7\x62\x90\x87\x35\x03\x9b\x89\xcb\x37"
+ "\xbd\xf1\x1b\x99\xa1\x9a\x78\xd5\x4c\xdd\x3f\x41\x0c\xb7\x1a"
+ "\xd9\x7b\x87\x5f\xbe\xb1\x83\x41"),
+ .length = 128
+ },
+ }
+ }
+};
+
+struct rte_crypto_asym_xform modex_xform = {
+ .next = NULL,
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
+ .modex = {
+ .modulus = {
+ .data =
+ (uint8_t *)
+ ("\x00\xb3\xa1\xaf\xb7\x13\x08\x00\x0a\x35\xdc\x2b\x20\x8d"
+ "\xa1\xb5\xce\x47\x8a\xc3\x80\xf4\x7d\x4a\xa2\x62\xfd\x61\x7f"
+ "\xb5\xa8\xde\x0a\x17\x97\xa0\xbf\xdf\x56\x5a\x3d\x51\x56\x4f"
+ "\x70\x70\x3f\x63\x6a\x44\x5b\xad\x84\x0d\x3f\x27\x6e\x3b\x34"
+ "\x91\x60\x14\xb9\xaa\x72\xfd\xa3\x64\xd2\x03\xa7\x53\x87\x9e"
+ "\x88\x0b\xc1\x14\x93\x1a\x62\xff\xb1\x5d\x74\xcd\x59\x63\x18"
+ "\x11\x3d\x4f\xba\x75\xd4\x33\x4e\x23\x6b\x7b\x57\x44\xe1\xd3"
+ "\x03\x13\xa6\xf0\x8b\x60\xb0\x9e\xee\x75\x08\x9d\x71\x63\x13"
+ "\xcb\xa6\x81\x92\x14\x03\x22\x2d\xde\x55"),
+ .length = 129
+ },
+ .exponent = {
+ .data = (uint8_t *)("\x01\x00\x01"),
+ .length = 3
+ }
+ }
+};
+
+struct rte_crypto_asym_xform modinv_xform = {
+ .next = NULL,
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
+ .modinv = {
+ .modulus = {
+ .data =
+ (uint8_t *)
+ ("\x00\xb3\xa1\xaf\xb7\x13\x08\x00\x0a\x35\xdc\x2b\x20\x8d"
+ "\xa1\xb5\xce\x47\x8a\xc3\x80\xf4\x7d\x4a\xa2\x62\xfd\x61\x7f"
+ "\xb5\xa8\xde\x0a\x17\x97\xa0\xbf\xdf\x56\x5a\x3d\x51\x56\x4f"
+ "\x70\x70\x3f\x63\x6a\x44\x5b\xad\x84\x0d\x3f\x27\x6e\x3b\x34"
+ "\x91\x60\x14\xb9\xaa\x72\xfd\xa3\x64\xd2\x03\xa7\x53\x87\x9e"
+ "\x88\x0b\xc1\x14\x93\x1a\x62\xff\xb1\x5d\x74\xcd\x59\x63\x18"
+ "\x11\x3d\x4f\xba\x75\xd4\x33\x4e\x23\x6b\x7b\x57\x44\xe1\xd3"
+ "\x03\x13\xa6\xf0\x8b\x60\xb0\x9e\xee\x75\x08\x9d\x71\x63\x13"
+ "\xcb\xa6\x81\x92\x14\x03\x22\x2d\xde\x55"),
+ .length = 129
+ }
+ }
+};
+
+#pragma GCC diagnostic pop
+
+static int
+test_rsa(struct rsa_test_data *t)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_mempool *sess_mpool = ts_params->session_mpool;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_crypto_asym_op *asym_op = NULL;
+ struct rte_crypto_op *op = NULL, *result_op = NULL;
+ struct rte_cryptodev_asym_session *sess = NULL;
+ RSA *rsa = NULL;
+ int status = TEST_SUCCESS;
+ uint8_t tmp_buf[TEST_DATA_SIZE];
+ int tmp_len = 0;
+ uint8_t output_buf[TEST_DATA_SIZE] = {0};
+ uint8_t input_buf[TEST_DATA_SIZE] = {0};
+ char test_msg[ASYM_TEST_MSG_LEN + 1];
+
+ sess = rte_cryptodev_asym_session_create(sess_mpool);
+
+ if (!sess) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "line %u "
+ "FAILED: %s", __LINE__,
+ "Session creation failed");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ if (rte_cryptodev_asym_session_init(dev_id, sess, &rsa_xform,
+ sess_mpool) < 0) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "unabled to config sym session");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+
+ /* set up crypto op data structure */
+ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+ if (!op) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate asymmetric crypto "
+ "operation struct");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ asym_op = op->asym;
+ asym_op->rsa.op_type = t->op_type;
+ asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1;
+
+ if (t->op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+ memcpy(input_buf, t->plainText.data, t->plainText.len);
+ asym_op->rsa.message.data = input_buf;
+ asym_op->rsa.message.length = t->plainText.len;
+ } else if (t->op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+ asym_op->rsa.message.data = t->plainText.data;
+ asym_op->rsa.message.length = t->plainText.len;
+ asym_op->rsa.sign.data = output_buf;
+ } else if (t->op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+ memcpy(input_buf, t->encryptedText.data, t->encryptedText.len);
+ asym_op->rsa.message.data = input_buf;
+ asym_op->rsa.message.length = t->encryptedText.len;
+ } else if (t->op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
+ memcpy(input_buf, t->signText.data, t->signText.len);
+ asym_op->rsa.message.data = t->plainText.data;
+ asym_op->rsa.message.length = t->plainText.len;
+ asym_op->rsa.sign.data = input_buf;
+ asym_op->rsa.sign.length = t->signText.len;
+ }
+
+ /* attach asymmetric crypto session to crypto operations */
+ rte_crypto_op_attach_asym_session(op, sess);
+
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Error sending packet for operation");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+ rte_pause();
+
+ if (result_op == NULL) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to process asym crypto op");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ /* verify result using sw lib */
+ rsa = RSA_new();
+ if (rsa == NULL) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate sw RSA");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ rsa->n =
+ BN_bin2bn(
+ (const unsigned char *)rsa_xform.rsa.n.data,
+ rsa_xform.rsa.n.length,
+ rsa->n);
+ rsa->e = BN_bin2bn((const unsigned char *)rsa_xform.rsa.e.data,
+ rsa_xform.rsa.e.length,
+ rsa->e);
+ rsa->d = BN_bin2bn((const unsigned char *)rsa_xform.rsa.d.data,
+ rsa_xform.rsa.d.length,
+ rsa->d);
+
+ if (t->op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
+ debug_hexdump(stdout, "Encrypted output:",
+ asym_op->rsa.message.data,
+ asym_op->rsa.message.length);
+
+ /* decrypt using openssl lib */
+ tmp_len = RSA_private_decrypt(asym_op->rsa.message.length,
+ asym_op->rsa.message.data,
+ tmp_buf,
+ rsa,
+ RSA_PKCS1_PADDING);
+
+ if (memcmp(t->plainText.data, tmp_buf, tmp_len)) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN, "line %u "
+ "FAILED: %s", __LINE__,
+ "Crypto data not as expected");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ } else if (t->op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
+ debug_hexdump(stdout, "RSA Sign output:",
+ asym_op->rsa.sign.data,
+ asym_op->rsa.sign.length);
+
+ /* verify generated sign using openssl lib */
+ tmp_len = RSA_public_decrypt(asym_op->rsa.sign.length,
+ asym_op->rsa.sign.data,
+ tmp_buf, rsa,
+ RSA_PKCS1_PADDING);
+
+ if (memcmp(asym_op->rsa.message.data, tmp_buf, tmp_len)) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "line %u "
+ "FAILED: %s", __LINE__,
+ "Crypto data not as expected");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ } else if (t->op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
+ if (memcmp(asym_op->rsa.message.data,
+ t->plainText.data,
+ t->plainText.len)) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "line %u "
+ "FAILED: %s", __LINE__,
+ "Crypto data not as expected");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ } else if (t->op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
+ /* compare verification output in sign to original message */
+ if (memcmp(asym_op->rsa.sign.data,
+ asym_op->rsa.message.data,
+ asym_op->rsa.message.length)) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u "
+ "FAILED: %s", __LINE__,
+ "Crypto data not as expected");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ }
+
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "PASS");
+
+error_exit:
+ if (rsa)
+ RSA_free(rsa);
+ if (sess) {
+ rte_cryptodev_asym_session_clear(dev_id, sess);
+ rte_cryptodev_asym_session_free(sess);
+ }
+
+ if (op)
+ rte_crypto_op_free(op);
+
+ return status;
+}
+
+static int
+testsuite_setup(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct rte_cryptodev_info info;
+ uint32_t i = 0, nb_devs, dev_id;
+ int ret;
+ uint16_t qp_id;
+
+ memset(ts_params, 0, sizeof(*ts_params));
+
+ ts_params->op_mpool = rte_crypto_op_pool_create(
+ "CRYPTO_ASYM_OP_POOL",
+ RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ TEST_NUM_BUFS, 0,
+ 0,
+ rte_socket_id());
+ if (ts_params->op_mpool == NULL) {
+ RTE_LOG(ERR, USER1, "Can't create ASYM_CRYPTO_OP_POOL\n");
+ return TEST_FAILED;
+ }
+
+ /* Create an OPENSSL device if required */
+ if (gbl_driver_id == rte_cryptodev_driver_id_get(
+ RTE_STR(CRYPTODEV_NAME_OPENSSL_PMD))) {
+ nb_devs = rte_cryptodev_device_count_by_driver(
+ rte_cryptodev_driver_id_get(
+ RTE_STR(CRYPTODEV_NAME_OPENSSL_PMD)));
+ if (nb_devs < 1) {
+ ret = rte_vdev_init(
+ RTE_STR(CRYPTODEV_NAME_OPENSSL_PMD),
+ NULL);
+
+ TEST_ASSERT(ret == 0, "Failed to create "
+ "instance of pmd : %s",
+ RTE_STR(CRYPTODEV_NAME_OPENSSL_PMD));
+ }
+ }
+
+ nb_devs = rte_cryptodev_count();
+ if (nb_devs < 1) {
+ RTE_LOG(ERR, USER1, "No crypto devices found?\n");
+ return TEST_FAILED;
+ }
+
+ /* Create list of valid crypto devs */
+ for (i = 0; i < nb_devs; i++) {
+ rte_cryptodev_info_get(i, &info);
+ if (info.driver_id == gbl_driver_id)
+ ts_params->valid_devs[ts_params->valid_dev_count++] = i;
+ }
+
+ if (ts_params->valid_dev_count < 1)
+ return TEST_FAILED;
+
+ /* Set up all the qps on the first of the valid devices found */
+
+ dev_id = ts_params->valid_devs[0];
+
+ rte_cryptodev_info_get(dev_id, &info);
+
+ /* check if device support asymmetric , skip if not */
+ if (!(info.feature_flags &
+ RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO)) {
+ RTE_LOG(ERR, USER1, "Device doesn't support asymmetric. "
+ "Test Skipped.\n");
+ return TEST_FAILED;
+ }
+
+ /* configure device with num qp */
+ ts_params->conf.nb_queue_pairs = info.max_nb_queue_pairs;
+ ts_params->conf.socket_id = SOCKET_ID_ANY;
+ TEST_ASSERT_SUCCESS(rte_cryptodev_configure(dev_id,
+ &ts_params->conf),
+ "Failed to configure cryptodev %u with %u qps",
+ dev_id, ts_params->conf.nb_queue_pairs);
+
+ /* configure qp */
+ ts_params->qp_conf.nb_descriptors = DEFAULT_NUM_OPS_INFLIGHT;
+ for (qp_id = 0; qp_id < info.max_nb_queue_pairs; qp_id++) {
+ TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
+ dev_id, qp_id, &ts_params->qp_conf,
+ rte_cryptodev_socket_id(dev_id),
+ ts_params->session_mpool),
+ "Failed to setup queue pair %u on cryptodev %u ASYM",
+ qp_id, dev_id);
+ }
+
+ /* setup asym session pool */
+ unsigned int session_size =
+ rte_cryptodev_get_asym_session_private_size(dev_id);
+ /*
+ * Create mempool with TEST_NUM_SESSIONS * 2,
+ * to include the session headers
+ */
+ ts_params->session_mpool = rte_mempool_create(
+ "test_asym_sess_mp",
+ TEST_NUM_SESSIONS * 2,
+ session_size,
+ 0, 0, NULL, NULL, NULL,
+ NULL, SOCKET_ID_ANY,
+ 0);
+
+ TEST_ASSERT_NOT_NULL(ts_params->session_mpool,
+ "session mempool allocation failed");
+
+ return TEST_SUCCESS;
+}
+
+static void
+testsuite_teardown(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+
+ if (ts_params->op_mpool != NULL) {
+ RTE_LOG(DEBUG, USER1, "CRYPTO_OP_POOL count %u\n",
+ rte_mempool_avail_count(ts_params->op_mpool));
+ }
+
+ /* Free session mempools */
+ if (ts_params->session_mpool != NULL) {
+ rte_mempool_free(ts_params->session_mpool);
+ ts_params->session_mpool = NULL;
+ }
+}
+
+static int
+ut_setup(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+
+ uint16_t qp_id;
+
+ /* Reconfigure device to default parameters */
+ ts_params->conf.socket_id = SOCKET_ID_ANY;
+
+ TEST_ASSERT_SUCCESS(rte_cryptodev_configure(ts_params->valid_devs[0],
+ &ts_params->conf),
+ "Failed to configure cryptodev %u",
+ ts_params->valid_devs[0]);
+
+ for (qp_id = 0; qp_id < ts_params->conf.nb_queue_pairs ; qp_id++) {
+ TEST_ASSERT_SUCCESS(rte_cryptodev_queue_pair_setup(
+ ts_params->valid_devs[0], qp_id,
+ &ts_params->qp_conf,
+ rte_cryptodev_socket_id(ts_params->valid_devs[0]),
+ ts_params->session_mpool),
+ "Failed to setup queue pair %u on cryptodev %u",
+ qp_id, ts_params->valid_devs[0]);
+ }
+
+ rte_cryptodev_stats_reset(ts_params->valid_devs[0]);
+
+ /* Start the device */
+ TEST_ASSERT_SUCCESS(rte_cryptodev_start(ts_params->valid_devs[0]),
+ "Failed to start cryptodev %u",
+ ts_params->valid_devs[0]);
+
+ return TEST_SUCCESS;
+}
+
+static void
+ut_teardown(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct rte_cryptodev_stats stats;
+
+ rte_cryptodev_stats_get(ts_params->valid_devs[0], &stats);
+
+ /* Stop the device */
+ rte_cryptodev_stop(ts_params->valid_devs[0]);
+}
+
+static inline void print_asym_capa(
+ const struct rte_cryptodev_asymmetric_xfrm_capability *capa)
+{
+ int i = 0;
+
+ printf("\nxform type: %s\n===================\n",
+ rte_crypto_asym_xform_strings[capa->xform_type]);
+ printf("operation supported -");
+
+ for (i = 0; i < RTE_CRYPTO_ASYM_OP_LIST_END; i++) {
+ /* check supported operations */
+ if (rte_cryptodev_asym_xfrm_capability_check_optype(capa, i))
+ printf(" %s",
+ rte_crypto_asym_op_strings[i]);
+ }
+ switch (capa->xform_type) {
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ case RTE_CRYPTO_ASYM_XFORM_MODINV:
+ case RTE_CRYPTO_ASYM_XFORM_MODEX:
+ case RTE_CRYPTO_ASYM_XFORM_DH:
+ case RTE_CRYPTO_ASYM_XFORM_DSA:
+ printf(" modlen: min %d max %d increment %d\n",
+ capa->modlen.min,
+ capa->modlen.max,
+ capa->modlen.increment);
+ break;
+ default:
+ break;
+ }
+}
+
+/* ***** Plaintext data for tests ***** */
+static int
+test_capability(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_cryptodev_info dev_info;
+ int i = 0;
+ struct rte_cryptodev_asym_capability_idx idx;
+ const struct rte_cryptodev_asymmetric_xfrm_capability *capa;
+
+ rte_cryptodev_info_get(dev_id, &dev_info);
+ if (!(dev_info.feature_flags &
+ RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO)) {
+ printf("Device doesn't support asymmetric. "
+ "Test Skipped.\n");
+ return TEST_SUCCESS;
+ }
+
+ /* print xfrm capability */
+ for (i = 0;
+ dev_info.capabilities[i].op != RTE_CRYPTO_OP_TYPE_UNDEFINED;
+ i++) {
+ if (dev_info.capabilities[i].op ==
+ RTE_CRYPTO_OP_TYPE_ASYMMETRIC) {
+ idx.type = dev_info.capabilities[i].asym.xform_type;
+
+ capa = rte_cryptodev_asym_capability_get(dev_id,
+ (const struct
+ rte_cryptodev_asym_capability_idx *) &idx);
+ print_asym_capa(capa);
+ }
+ }
+ return TEST_SUCCESS;
+}
+
+static int
+test_dh_gen_shared_sec(DH *testkey, struct rte_crypto_asym_xform *xfrm)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_mempool *sess_mpool = ts_params->session_mpool;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_crypto_asym_op *asym_op = NULL;
+ struct rte_crypto_op *op = NULL, *result_op = NULL;
+ struct rte_cryptodev_asym_session *sess = NULL;
+ int status = TEST_SUCCESS;
+ char test_msg[ASYM_TEST_MSG_LEN + 1];
+ uint8_t output[TEST_DH_MOD_LEN];
+ struct rte_crypto_asym_xform xform = *xfrm;
+ uint8_t peer[] = "01234567890123456789012345678901234567890123456789";
+
+ sess = rte_cryptodev_asym_session_create(sess_mpool);
+ if (sess == NULL) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s", __LINE__,
+ "Session creation failed");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ /* set up crypto op data structure */
+ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+ if (!op) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate asymmetric crypto "
+ "operation struct");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ asym_op = op->asym;
+
+ /* Setup a xform and op to generate private key only */
+ xform.dh.type = RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE;
+ xform.next = NULL;
+ asym_op->dh.priv_key.data = rte_malloc(NULL,
+ BN_num_bytes(testkey->priv_key),
+ 0);
+ asym_op->dh.priv_key.length = BN_bn2bin(testkey->priv_key,
+ asym_op->dh.priv_key.data);
+ asym_op->dh.pub_key.data = (uint8_t *)peer;
+ asym_op->dh.pub_key.length = sizeof(peer);
+ asym_op->dh.shared_secret.data = output;
+ asym_op->dh.shared_secret.length = sizeof(output);
+
+ if (rte_cryptodev_asym_session_init(dev_id, sess, &xform,
+ sess_mpool) < 0) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "unabled to config sym session");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ /* attach asymmetric crypto session to crypto operations */
+ rte_crypto_op_attach_asym_session(op, sess);
+
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Error sending packet for operation");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+ rte_pause();
+
+ if (result_op == NULL) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to process asym crypto op");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ debug_hexdump(stdout, "shared secret:",
+ asym_op->dh.shared_secret.data,
+ asym_op->dh.shared_secret.length);
+
+ /* compute shared secret using sw and compare */
+ BIGNUM *p = NULL;
+ p = BN_bin2bn(peer, sizeof(peer), p);
+ if (p != NULL) {
+ size_t test_len;
+ uint8_t *test_shared = rte_malloc(NULL, DH_size(testkey), 0);
+ test_len = DH_compute_key(test_shared, p, testkey);
+
+ debug_hexdump(stdout, "sw shared secret:",
+ test_shared,
+ test_len);
+
+ if ((test_len != asym_op->dh.shared_secret.length) ||
+ (memcmp(test_shared,
+ asym_op->dh.shared_secret.data, test_len))) {
+ RTE_LOG(ERR, USER1,
+ "shared secret compute verification failed\n");
+ status = TEST_FAILED;
+ }
+ rte_free(test_shared);
+ BN_free(p);
+ }
+error_exit:
+ if (sess != NULL) {
+ rte_cryptodev_asym_session_clear(dev_id, sess);
+ rte_cryptodev_asym_session_free(sess);
+ }
+ if (op != NULL) {
+ if (asym_op->dh.priv_key.data != NULL)
+ rte_free(asym_op->dh.priv_key.data);
+ rte_crypto_op_free(op);
+ }
+ return status;
+}
+
+static int
+test_dh_gen_priv_key(DH *testkey __rte_unused,
+ struct rte_crypto_asym_xform *xfrm)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_mempool *sess_mpool = ts_params->session_mpool;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_crypto_asym_op *asym_op = NULL;
+ struct rte_crypto_op *op = NULL, *result_op = NULL;
+ struct rte_cryptodev_asym_session *sess = NULL;
+ int status = TEST_SUCCESS;
+ char test_msg[ASYM_TEST_MSG_LEN + 1];
+ uint8_t output[TEST_DH_MOD_LEN];
+ struct rte_crypto_asym_xform xform = *xfrm;
+
+ sess = rte_cryptodev_asym_session_create(sess_mpool);
+ if (sess == NULL) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s", __LINE__,
+ "Session creation failed");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ /* set up crypto op data structure */
+ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+ if (!op) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate asymmetric crypto "
+ "operation struct");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ asym_op = op->asym;
+
+ /* Setup a xform and op to generate private key only */
+ xform.dh.type = RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE;
+ xform.next = NULL;
+ asym_op->dh.priv_key.data = output;
+ asym_op->dh.priv_key.length = sizeof(output);
+
+ if (rte_cryptodev_asym_session_init(dev_id, sess, &xform,
+ sess_mpool) < 0) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "unabled to config sym session");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ /* attach asymmetric crypto session to crypto operations */
+ rte_crypto_op_attach_asym_session(op, sess);
+
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Error sending packet for operation");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+ rte_pause();
+
+ if (result_op == NULL) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to process asym crypto op");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ debug_hexdump(stdout, "private key:",
+ asym_op->dh.priv_key.data,
+ asym_op->dh.priv_key.length);
+
+
+error_exit:
+ if (sess != NULL) {
+ rte_cryptodev_asym_session_clear(dev_id, sess);
+ rte_cryptodev_asym_session_free(sess);
+ }
+ if (op != NULL)
+ rte_crypto_op_free(op);
+
+ return status;
+}
+
+
+static int
+test_dh_gen_pub_key(DH *testkey,
+ struct rte_crypto_asym_xform *xfrm)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_mempool *sess_mpool = ts_params->session_mpool;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_crypto_asym_op *asym_op = NULL;
+ struct rte_crypto_op *op = NULL, *result_op = NULL;
+ struct rte_cryptodev_asym_session *sess = NULL;
+ int status = TEST_SUCCESS;
+ char test_msg[ASYM_TEST_MSG_LEN + 1];
+ uint8_t output[TEST_DH_MOD_LEN];
+ struct rte_crypto_asym_xform xform = *xfrm;
+
+ sess = rte_cryptodev_asym_session_create(sess_mpool);
+ if (sess == NULL) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s", __LINE__,
+ "Session creation failed");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ /* set up crypto op data structure */
+ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+ if (!op) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate asymmetric crypto "
+ "operation struct");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ asym_op = op->asym;
+ /* Setup a xform chain to generate public key
+ * using test private key
+ *
+ */
+ xform.dh.type = RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE;
+ xform.next = NULL;
+
+ asym_op->dh.pub_key.data = output;
+ asym_op->dh.pub_key.length = sizeof(output);
+ /* load pre-defined private key */
+ asym_op->dh.priv_key.data = rte_malloc(NULL,
+ BN_num_bytes(testkey->priv_key),
+ 0);
+ asym_op->dh.priv_key.length = BN_bn2bin(testkey->priv_key,
+ asym_op->dh.priv_key.data);
+
+ if (rte_cryptodev_asym_session_init(dev_id, sess, &xform,
+ sess_mpool) < 0) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "unabled to config sym session");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ /* attach asymmetric crypto session to crypto operations */
+ rte_crypto_op_attach_asym_session(op, sess);
+
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Error sending packet for operation");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+ rte_pause();
+
+ if (result_op == NULL) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to process asym crypto op");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ debug_hexdump(stdout, "pub key:",
+ asym_op->dh.pub_key.data, asym_op->dh.pub_key.length);
+
+ BIGNUM *r = BN_new();
+ if (r != NULL) {
+ /* if priv key is same, then pub too should be same */
+ r = BN_bin2bn(asym_op->dh.pub_key.data,
+ asym_op->dh.pub_key.length, r);
+ if (BN_cmp(testkey->pub_key, r))
+ status = TEST_FAILED;
+ BN_free(r);
+ }
+
+error_exit:
+ if (sess != NULL) {
+ rte_cryptodev_asym_session_clear(dev_id, sess);
+ rte_cryptodev_asym_session_free(sess);
+ }
+ if (op != NULL) {
+ if (asym_op->dh.priv_key.data != NULL)
+ rte_free(asym_op->dh.priv_key.data);
+ rte_crypto_op_free(op);
+
+ }
+ return status;
+}
+
+
+static int
+test_dh_gen_kp(DH *testkey, struct rte_crypto_asym_xform *xfrm)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_mempool *sess_mpool = ts_params->session_mpool;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_crypto_asym_op *asym_op = NULL;
+ struct rte_crypto_op *op = NULL, *result_op = NULL;
+ struct rte_cryptodev_asym_session *sess = NULL;
+ int status = TEST_SUCCESS;
+ char test_msg[ASYM_TEST_MSG_LEN + 1];
+ uint8_t out_pub_key[TEST_DH_MOD_LEN];
+ uint8_t out_prv_key[TEST_DH_MOD_LEN];
+ struct rte_crypto_asym_xform pub_key_xform;
+ struct rte_crypto_asym_xform xform = *xfrm;
+
+ sess = rte_cryptodev_asym_session_create(sess_mpool);
+ if (sess == NULL) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s", __LINE__,
+ "Session creation failed");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ /* set up crypto op data structure */
+ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+ if (!op) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate asymmetric crypto "
+ "operation struct");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ asym_op = op->asym;
+ /* Setup a xform chain to generate
+ * private key first followed by
+ * public key
+ */
+ xform.dh.type = RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE;
+ pub_key_xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH;
+ pub_key_xform.dh.type = RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE;
+ xform.next = &pub_key_xform;
+
+ asym_op->dh.pub_key.data = out_pub_key;
+ asym_op->dh.pub_key.length = sizeof(out_pub_key);
+ asym_op->dh.priv_key.data = out_prv_key;
+ asym_op->dh.priv_key.length = sizeof(out_prv_key);
+ if (rte_cryptodev_asym_session_init(dev_id, sess, &xform,
+ sess_mpool) < 0) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "unabled to config sym session");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ /* attach asymmetric crypto session to crypto operations */
+ rte_crypto_op_attach_asym_session(op, sess);
+
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Error sending packet for operation");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+ rte_pause();
+
+ if (result_op == NULL) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to process asym crypto op");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ debug_hexdump(stdout, "priv key:",
+ out_prv_key, asym_op->dh.priv_key.length);
+ debug_hexdump(stdout, "pub key:",
+ out_pub_key, asym_op->dh.pub_key.length);
+
+ BIGNUM *r = BN_new();
+ if (r != NULL) {
+ r = BN_bin2bn(asym_op->dh.priv_key.data,
+ asym_op->dh.priv_key.length, r);
+
+ /* if priv key is same, then pub too should be same */
+ if (!BN_cmp(testkey->priv_key, r)) {
+ r = BN_bin2bn(asym_op->dh.pub_key.data,
+ asym_op->dh.pub_key.length, r);
+ if (BN_cmp(testkey->pub_key, r))
+ status = TEST_FAILED;
+ }
+ BN_free(r);
+ }
+
+error_exit:
+ if (sess != NULL) {
+ rte_cryptodev_asym_session_clear(dev_id, sess);
+ rte_cryptodev_asym_session_free(sess);
+ }
+ if (op != NULL)
+ rte_crypto_op_free(op);
+
+ return status;
+}
+
+static int
+test_RSA_encryption(void)
+{
+ rsa_test_case.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
+ return test_rsa(&rsa_test_case);
+}
+
+static int
+test_RSA_decryption(void)
+{
+ rsa_test_case.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+ return test_rsa(&rsa_test_case);
+}
+
+static int
+test_RSA_sign(void)
+{
+ rsa_test_case.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+ return test_rsa(&rsa_test_case);
+}
+
+static int
+test_RSA_verify(void)
+{
+ int status;
+ rsa_test_case.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+ status = test_rsa(&rsa_test_case);
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+ return TEST_SUCCESS;
+}
+
+static int
+test_mod_inv(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_mempool *sess_mpool = ts_params->session_mpool;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_crypto_asym_op *asym_op = NULL;
+ struct rte_crypto_op *op = NULL, *result_op = NULL;
+ struct rte_cryptodev_asym_session *sess = NULL;
+ int status = TEST_SUCCESS;
+ char test_msg[ASYM_TEST_MSG_LEN + 1];
+ struct rte_cryptodev_asym_capability_idx cap_idx;
+ const struct rte_cryptodev_asymmetric_xfrm_capability *capability;
+ BN_CTX *ctx = NULL;
+ uint8_t input[TEST_DATA_SIZE] = {0}, sw_res[TEST_DATA_SIZE] = {0};
+ uint8_t sw_res_len = 0;
+
+ if (rte_cryptodev_get_asym_xform_enum(
+ &modinv_xform.xform_type, "modinv") < 0) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "Invalid ASYNC algorithm specified\n");
+ return -1;
+ }
+
+ cap_idx.type = modinv_xform.xform_type;
+ capability = rte_cryptodev_asym_capability_get(dev_id,
+ &cap_idx);
+
+ if (rte_cryptodev_asym_xfrm_capability_check_modlen(
+ capability,
+ modinv_xform.modinv.modulus.length)) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "Invalid MODULOUS length specified\n");
+ return -1;
+ }
+
+ sess = rte_cryptodev_asym_session_create(sess_mpool);
+ if (!sess) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "line %u "
+ "FAILED: %s", __LINE__,
+ "Session creation failed");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ if (rte_cryptodev_asym_session_init(dev_id, sess, &modinv_xform,
+ sess_mpool) < 0) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "unabled to config sym session");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ /* generate crypto op data structure */
+ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+ if (!op) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate asymmetric crypto "
+ "operation struct");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ asym_op = op->asym;
+ memcpy(input, base, sizeof(base));
+ asym_op->modinv.base.data = input;
+ asym_op->modinv.base.length = sizeof(base);
+
+ /* attach asymmetric crypto session to crypto operations */
+ rte_crypto_op_attach_asym_session(op, sess);
+
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Error sending packet for operation");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+ rte_pause();
+ if (result_op == NULL) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to process asym crypto op");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "Modinv :%s length:%lu\n",
+ asym_op->modinv.base.data,
+ asym_op->modinv.base.length);
+
+ /* cross verify output using sw lib */
+ ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate CTX");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ BN_CTX_start(ctx);
+ BIGNUM *x = BN_CTX_get(ctx);
+ BIGNUM *m = BN_CTX_get(ctx);
+ BIGNUM *r = BN_CTX_get(ctx);
+
+ if (!x || !m || !r) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate Bignum");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ m = BN_bin2bn(
+ (const unsigned char *)modinv_xform.modinv.modulus.data,
+ modinv_xform.modinv.modulus.length, m);
+ x = BN_bin2bn((const unsigned char *)base, sizeof(base), x);
+ if (!BN_mod_inverse(r, x, m, ctx)) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "SW Mod Inv failed");
+ status = TEST_FAILED;
+ goto error_exit;
+ } else {
+ sw_res_len = BN_bn2bin(r, sw_res);
+ if (memcmp(sw_res, result_op->asym->modinv.base.data,
+ result_op->asym->modinv.base.length)) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "resulted len[%lu]:expected len[%d]"
+ "FAILED: %s",
+ result_op->asym->modinv.base.length,
+ sw_res_len,
+ "SW validation fails");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ }
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "PASS");
+
+error_exit:
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+
+ if (sess) {
+ rte_cryptodev_asym_session_clear(dev_id, sess);
+ rte_cryptodev_asym_session_free(sess);
+ }
+
+ if (op)
+ rte_crypto_op_free(op);
+ return status;
+}
+
+static int
+test_mod_exp(void)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_mempool *sess_mpool = ts_params->session_mpool;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_crypto_asym_op *asym_op = NULL;
+ struct rte_crypto_op *op = NULL, *result_op = NULL;
+ struct rte_cryptodev_asym_session *sess = NULL;
+ int status = TEST_SUCCESS;
+ char test_msg[ASYM_TEST_MSG_LEN + 1];
+ struct rte_cryptodev_asym_capability_idx cap_idx;
+ const struct rte_cryptodev_asymmetric_xfrm_capability *capability;
+ BN_CTX *ctx = NULL;
+ uint8_t input[TEST_DATA_SIZE] = {0}, sw_res[TEST_DATA_SIZE] = {0};
+ uint8_t sw_res_len = 0;
+
+ if (rte_cryptodev_get_asym_xform_enum(&modex_xform.xform_type,
+ "modexp")
+ < 0) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "Invalid ASYNC algorithm specified\n");
+ return -1;
+ }
+
+ /* check for modlen capability */
+ cap_idx.type = modex_xform.xform_type;
+ capability = rte_cryptodev_asym_capability_get(dev_id, &cap_idx);
+
+ if (rte_cryptodev_asym_xfrm_capability_check_modlen(
+ capability, modex_xform.modex.modulus.length)) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "Invalid MODULOUS length specified\n");
+ return -1;
+ }
+
+ /* generate crypto op data structure */
+ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+ if (!op) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate asymmetric crypto "
+ "operation struct");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ sess = rte_cryptodev_asym_session_create(sess_mpool);
+ if (!sess) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "line %u "
+ "FAILED: %s", __LINE__,
+ "Session creation failed");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ if (rte_cryptodev_asym_session_init(dev_id, sess, &modex_xform,
+ sess_mpool) < 0) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "unabled to config sym session");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ asym_op = op->asym;
+ memcpy(input, base, sizeof(base));
+ asym_op->modex.base.data = input;
+ asym_op->modex.base.length = sizeof(base);
+ /* attach asymmetric crypto session to crypto operations */
+ rte_crypto_op_attach_asym_session(op, sess);
+
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Error sending packet for operation");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+ rte_pause();
+
+ if (result_op == NULL) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to process asym crypto op");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ /* cross verify output using sw lib */
+ ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate CTX");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ BN_CTX_start(ctx);
+ BIGNUM *x = BN_CTX_get(ctx);
+ BIGNUM *m = BN_CTX_get(ctx);
+ BIGNUM *e = BN_CTX_get(ctx);
+ BIGNUM *r = BN_CTX_get(ctx);
+
+ if (!x || !m || !e || !r) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate Bignum");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ m = BN_bin2bn(
+ (const unsigned char *)modex_xform.modex.modulus.data,
+ modex_xform.modex.modulus.length, m);
+ e = BN_bin2bn(
+ (const unsigned char *)modex_xform.modex.exponent.data,
+ modex_xform.modex.exponent.length, e);
+ x = BN_bin2bn((const unsigned char *)base, sizeof(base), x);
+ if (!BN_mod_exp(r, x, e, m, ctx)) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "SW Mod Exp failed");
+ status = TEST_FAILED;
+ goto error_exit;
+ } else {
+ sw_res_len = BN_bn2bin(r, sw_res);
+ /* compare PMD result with sw result */
+ if (memcmp(sw_res,
+ result_op->asym->modex.base.data,
+ result_op->asym->modex.base.length)) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "resulted len[%lu]:expected len[%d]"
+ " FAILED: %s",
+ result_op->asym->modinv.base.length,
+ sw_res_len,
+ "SW validation fails");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ }
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "PASS");
+
+error_exit:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+
+ if (sess != NULL) {
+ rte_cryptodev_asym_session_clear(dev_id, sess);
+ rte_cryptodev_asym_session_free(sess);
+ }
+
+ if (op != NULL)
+ rte_crypto_op_free(op);
+
+ return status;
+}
+
+static int
+test_dh_keygenration(void)
+{
+ int status;
+ struct rte_crypto_asym_xform xform;
+ uint8_t p[TEST_DH_MOD_LEN];
+ uint8_t g[TEST_DH_MOD_LEN];
+
+ /* generate dh test params using openssl apis */
+ DH *key = NULL;
+ key = DH_new();
+ if (key == NULL ||
+ (DH_generate_parameters_ex(key,
+ TEST_DH_MOD_LEN,
+ DH_GENERATOR_2, NULL) != 1)) {
+ RTE_LOG(ERR, USER1,
+ "Unable to generate test params\n");
+ status = TEST_FAILED;
+ return -1;
+ }
+
+ xform.dh.p.length = BN_bn2bin((const BIGNUM *)key->p, p);
+ xform.dh.g.length = BN_bn2bin((const BIGNUM *)key->g, g);
+
+ debug_hexdump(stdout, "p:", p, xform.dh.p.length);
+ debug_hexdump(stdout, "g:", g, xform.dh.g.length);
+
+ if (!DH_generate_key(key)) {
+ RTE_LOG(ERR, USER1,
+ "Unable to generate test params\n");
+ status = TEST_FAILED;
+ return -1;
+ }
+
+ /* load test params into dh xform */
+ xform.dh.p.data = p;
+ xform.dh.g.data = g;
+ xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DH;
+
+ RTE_LOG(INFO, USER1,
+ "Test Public and Private key pair generation\n");
+
+ status = test_dh_gen_kp(key, &xform);
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+ RTE_LOG(INFO, USER1,
+ "Test Public Key Generation using pre-defined priv key\n");
+
+ status = test_dh_gen_pub_key(key, &xform);
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+ RTE_LOG(INFO, USER1,
+ "Test Private Key Generation only\n");
+
+ status = test_dh_gen_priv_key(key, &xform);
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+ RTE_LOG(INFO, USER1,
+ "Test shared secret compute\n");
+
+ status = test_dh_gen_shared_sec(key, &xform);
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+ DH_free(key);
+ return status;
+}
+
+static int
+test_dsa_sign(DSA *testdsa, uint8_t *message, size_t msg_len)
+{
+ struct crypto_testsuite_params *ts_params = &testsuite_params;
+ struct rte_mempool *op_mpool = ts_params->op_mpool;
+ struct rte_mempool *sess_mpool = ts_params->session_mpool;
+ uint8_t dev_id = ts_params->valid_devs[0];
+ struct rte_crypto_asym_op *asym_op = NULL;
+ struct rte_crypto_op *op = NULL, *result_op = NULL;
+ struct rte_cryptodev_asym_session *sess = NULL;
+ int status = TEST_SUCCESS;
+ char test_msg[ASYM_TEST_MSG_LEN + 1];
+ uint8_t r[TEST_DH_MOD_LEN];
+ uint8_t s[TEST_DH_MOD_LEN];
+ struct rte_crypto_asym_xform xform;
+
+ sess = rte_cryptodev_asym_session_create(sess_mpool);
+ if (sess == NULL) {
+ snprintf(test_msg,
+ ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s", __LINE__,
+ "Session creation failed");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ /* set up crypto op data structure */
+ op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
+ if (!op) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate asymmetric crypto "
+ "operation struct");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ asym_op = op->asym;
+
+ /* Setup a xform for DSA */
+ xform.xform_type = RTE_CRYPTO_ASYM_XFORM_DSA;
+ xform.next = NULL;
+ xform.dsa.x.data = rte_malloc(NULL,
+ BN_num_bytes(testdsa->priv_key),
+ 0);
+ xform.dsa.p.data = rte_malloc(NULL,
+ BN_num_bytes(testdsa->p),
+ 0);
+ xform.dsa.q.data = rte_malloc(NULL,
+ BN_num_bytes(testdsa->q),
+ 0);
+ xform.dsa.g.data = rte_malloc(NULL,
+ BN_num_bytes(testdsa->g),
+ 0);
+
+ /* copy test params to xform params */
+ xform.dsa.x.length = BN_bn2bin(testdsa->priv_key,
+ xform.dsa.x.data);
+ xform.dsa.p.length = BN_bn2bin(testdsa->p,
+ xform.dsa.p.data);
+ xform.dsa.q.length = BN_bn2bin(testdsa->q,
+ xform.dsa.q.data);
+ xform.dsa.g.length = BN_bn2bin(testdsa->g,
+ xform.dsa.g.data);
+
+ if (rte_cryptodev_asym_session_init(dev_id, sess, &xform,
+ sess_mpool) < 0) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "unabled to config sym session");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ /* attach asymmetric crypto session to crypto operations */
+ rte_crypto_op_attach_asym_session(op, sess);
+ asym_op->dsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
+ asym_op->dsa.message.data = message;
+ asym_op->dsa.message.length = msg_len;
+ asym_op->dsa.r.length = sizeof(r);
+ asym_op->dsa.r.data = r;
+ asym_op->dsa.s.length = sizeof(s);
+ asym_op->dsa.s.data = s;
+
+ snprintf(test_msg, ASYM_TEST_MSG_LEN, "Process ASYM operation");
+
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Error sending packet for operation");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+ rte_pause();
+
+ if (result_op == NULL) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to process asym crypto op");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ asym_op = result_op->asym;
+
+ debug_hexdump(stdout, "r:",
+ asym_op->dsa.r.data, asym_op->dsa.r.length);
+ debug_hexdump(stdout, "s:",
+ asym_op->dsa.s.data, asym_op->dsa.s.length);
+
+ /* verify using sw */
+ DSA_SIG *sig = DSA_SIG_new();
+ if (!sig) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to allocate sw DSA sign");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+ sig->r = BN_bin2bn(asym_op->dsa.r.data, asym_op->dsa.r.length,
+ sig->r);
+ sig->s = BN_bin2bn(asym_op->dsa.s.data, asym_op->dsa.s.length,
+ sig->s);
+ if (!DSA_do_verify(message, msg_len, sig, testdsa)) {
+ status = TEST_FAILED;
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ " sign compute cross verification failed\n");
+ DSA_SIG_free(sig);
+ goto error_exit;
+ }
+ DSA_SIG_free(sig);
+
+ /* Test PMD DSA sign verification using signer public key */
+ asym_op->dsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
+
+ /* copy signer public key */
+ asym_op->dsa.y.data = rte_malloc(NULL,
+ BN_num_bytes(testdsa->pub_key),
+ 0);
+ asym_op->dsa.y.length = BN_bn2bin(testdsa->pub_key,
+ asym_op->dsa.y.data);
+
+ /* Process crypto operation */
+ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Error sending packet for operation");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ while (rte_cryptodev_dequeue_burst(dev_id, 0, &result_op, 1) == 0)
+ rte_pause();
+
+ if (result_op == NULL) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to process asym crypto op");
+ status = TEST_FAILED;
+ goto error_exit;
+ }
+
+ if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+ snprintf(test_msg, ASYM_TEST_MSG_LEN,
+ "line %u FAILED: %s",
+ __LINE__, "Failed to process asym crypto op");
+ status = TEST_FAILED;
+ }
+
+error_exit:
+ if (sess != NULL) {
+ rte_cryptodev_asym_session_clear(dev_id, sess);
+ rte_cryptodev_asym_session_free(sess);
+ }
+ if (op != NULL) {
+ if (xform.dsa.x.data)
+ rte_free(xform.dsa.x.data);
+ if (xform.dsa.p.data)
+ rte_free(xform.dsa.p.data);
+ if (xform.dsa.q.data)
+ rte_free(xform.dsa.q.data);
+ if (xform.dsa.g.data)
+ rte_free(xform.dsa.g.data);
+ rte_crypto_op_free(op);
+ }
+ return status;
+}
+
+static int
+test_dsa(void)
+{
+ int status;
+ DSA *dsa = DSA_new();
+ uint8_t dgst[] = "01234567890123456789";
+ /* generate test params */
+ if (dsa == NULL || !DSA_generate_parameters_ex(dsa, TEST_DH_MOD_LEN,
+ NULL, 0, NULL, NULL, NULL)) {
+ RTE_LOG(ERR, USER1,
+ " failed to generate test params\n");
+ return TEST_FAILED;
+ }
+ if (!DSA_generate_key(dsa)) {
+ RTE_LOG(ERR, USER1,
+ " failed to generate test params\n");
+ return TEST_FAILED;
+ }
+
+ /* test DSA sign using generated private key */
+ status = test_dsa_sign(dsa, dgst, sizeof(dgst));
+ TEST_ASSERT_EQUAL(status, 0, "Test failed");
+
+ DSA_free(dsa);
+ return status;
+}
+
+
+static struct unit_test_suite cryptodev_openssl_asym_testsuite = {
+ .suite_name = "Crypto Device OPENSSL ASYM Unit Test Suite",
+ .setup = testsuite_setup,
+ .teardown = testsuite_teardown,
+ .unit_test_cases = {
+ TEST_CASE_ST(ut_setup, ut_teardown, test_capability),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_dsa),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_dh_keygenration),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_RSA_encryption),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_RSA_decryption),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_RSA_sign),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_RSA_verify),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_mod_inv),
+ TEST_CASE_ST(ut_setup, ut_teardown, test_mod_exp),
+ TEST_CASES_END() /**< NULL terminate unit test array */
+ }
+};
+
+static int
+test_cryptodev_openssl_asym(void)
+{
+ gbl_driver_id = rte_cryptodev_driver_id_get(
+ RTE_STR(CRYPTODEV_NAME_OPENSSL_PMD));
+
+ if (gbl_driver_id == -1) {
+ RTE_LOG(ERR, USER1, "OPENSSL PMD must be loaded. Check if "
+ "CONFIG_RTE_LIBRTE_PMD_OPENSSL is enabled "
+ "in config file to run this testsuite.\n");
+ return TEST_FAILED;
+ }
+
+ return unit_test_suite_runner(&cryptodev_openssl_asym_testsuite);
+}
+
+REGISTER_TEST_COMMAND(cryptodev_openssl_asym_autotest,
+ test_cryptodev_openssl_asym);
--
2.14.3
^ permalink raw reply [flat|nested] 4+ messages in thread* [dpdk-dev] [PATCH v1 2/3] crypto/openssl: add asym crypto support
2018-04-03 10:31 [dpdk-dev] [PATCH v1 0/3]cryptodev: add unit tests and PMD for asym crypto Shally Verma
2018-04-03 10:31 ` [dpdk-dev] [PATCH v1 1/3] lib/cryptodev: add unit testcase " Shally Verma
@ 2018-04-03 10:31 ` Shally Verma
2018-04-03 10:31 ` [dpdk-dev] [PATCH v1 3/3] doc: add asym crypto in cryptodev programmer guide Shally Verma
2 siblings, 0 replies; 4+ messages in thread
From: Shally Verma @ 2018-04-03 10:31 UTC (permalink / raw)
To: pablo.de.lara.guarch
Cc: declan.doherty, fiona.trahe, pathreya, ssahu, agupta, dev,
Sunila Sahu, Ashish Gupta
Add asymmetric crypto operation support in openssl PMD.
Current list of supported asym xforms:
* RSA
* DSA
* Deffie-hellman
* Modular Operations
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
Signed-off-by: Sunila Sahu <sunila.sahu@caviumnetworks.com>
Signed-off-by: Ashish Gupta <ashish.gupta@caviumnetworks.com>
---
doc/guides/cryptodevs/features/openssl.ini | 11 +
doc/guides/cryptodevs/openssl.rst | 2 +
drivers/crypto/openssl/rte_openssl_pmd.c | 377 ++++++++++++++++++++-
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 400 ++++++++++++++++++++++-
drivers/crypto/openssl/rte_openssl_pmd_private.h | 29 ++
5 files changed, 807 insertions(+), 12 deletions(-)
diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini
index 691565865..bef5c7f79 100644
--- a/doc/guides/cryptodevs/features/openssl.ini
+++ b/doc/guides/cryptodevs/features/openssl.ini
@@ -7,6 +7,7 @@
Symmetric crypto = Y
Sym operation chaining = Y
Mbuf scatter gather = Y
+Asymmetric crypto = Y
;
; Supported crypto algorithms of the 'openssl' crypto driver.
@@ -49,3 +50,13 @@ AES GCM (256) = Y
AES CCM (128) = Y
AES CCM (192) = Y
AES CCM (256) = Y
+
+;
+; Supported Asymmetric algorithms of the 'openssl' crypto driver.
+;
+[Asymmetric]
+RSA = Y
+DSA = Y
+Modular Exponentiation = Y
+Modular Inversion = Y
+Deffie-hellman = Y
diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst
index 427fc807c..ccb037a80 100644
--- a/doc/guides/cryptodevs/openssl.rst
+++ b/doc/guides/cryptodevs/openssl.rst
@@ -80,6 +80,7 @@ crypto processing.
Test name is cryptodev_openssl_autotest.
For performance test cryptodev_openssl_perftest can be used.
+For asymmetric crypto operations testing, run cryptodev_openssl_asym_autotest
To verify real traffic l2fwd-crypto example can be used with this command:
@@ -103,3 +104,4 @@ Limitations
contiguous).
* Hash only is not supported for GCM and GMAC.
* Cipher only is not supported for GCM and GMAC.
+
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index f584d0d6f..527e42773 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -727,19 +727,35 @@ openssl_reset_session(struct openssl_session *sess)
}
/** Provide session for operation */
-static struct openssl_session *
+static void *
get_session(struct openssl_qp *qp, struct rte_crypto_op *op)
{
struct openssl_session *sess = NULL;
+ struct openssl_asym_session *asym_sess = NULL;
if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
- /* get existing session */
- if (likely(op->sym->session != NULL))
- sess = (struct openssl_session *)
- get_session_private_data(
- op->sym->session,
- cryptodev_driver_id);
+ if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
+ /* get existing session */
+ if (likely(op->sym->session != NULL))
+ sess = (struct openssl_session *)
+ get_session_private_data(
+ op->sym->session,
+ cryptodev_driver_id);
+ } else {
+ if (likely(op->asym->session != NULL))
+ asym_sess = (struct openssl_asym_session *)
+ get_asym_session_private_data(
+ op->asym->session,
+ cryptodev_driver_id);
+ if (asym_sess == NULL)
+ op->status =
+ RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+ return asym_sess;
+ }
} else {
+ if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC)
+ return NULL; /* sessionless asymmetric not supported */
+
/* provide internal session */
void *_sess = NULL;
void *_sess_private_data = NULL;
@@ -1525,6 +1541,341 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
op->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
+static int process_openssl_modinv_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ struct rte_crypto_asym_op *op = cop->asym;
+ BIGNUM *base = BN_CTX_get(sess->u.m.ctx);
+ BIGNUM *res = BN_CTX_get(sess->u.m.ctx);
+
+ if (unlikely(base == NULL || res == NULL)) {
+ if (base)
+ BN_free(base);
+ if (res)
+ BN_free(res);
+ cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+ return -1;
+ }
+
+ base = BN_bin2bn((const unsigned char *)op->modinv.base.data,
+ op->modinv.base.length, base);
+
+ if (BN_mod_inverse(res, base, sess->u.m.modulus, sess->u.m.ctx)) {
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data);
+ } else {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ }
+
+ return 0;
+}
+
+static int process_openssl_modexp_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ struct rte_crypto_asym_op *op = cop->asym;
+ BIGNUM *base = BN_CTX_get(sess->u.e.ctx);
+ BIGNUM *res = BN_CTX_get(sess->u.e.ctx);
+
+ if (unlikely(base == NULL || res == NULL)) {
+ if (base)
+ BN_free(base);
+ if (res)
+ BN_free(res);
+ cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+ return -1;
+ }
+
+ base = BN_bin2bn((const unsigned char *)op->modinv.base.data,
+ op->modinv.base.length, base);
+
+ if (BN_mod_exp(res, base, sess->u.e.exp,
+ sess->u.e.mod, sess->u.e.ctx)) {
+ op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data);
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ } else {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ }
+
+ return 0;
+}
+
+/* process rsa operations */
+static int process_openssl_rsa_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ int ret = 0;
+ struct rte_crypto_asym_op *op = cop->asym;
+ RSA *rsa = sess->u.r.rsa;
+ uint32_t pad = (op->rsa.pad);
+
+ switch (pad) {
+ case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1:
+ case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2:
+ pad = RSA_PKCS1_PADDING;
+ break;
+ case RTE_CRYPTO_RSA_PADDING_PSS:
+ pad = RSA_PKCS1_PSS_PADDING;
+ /* fall through */
+ case RTE_CRYPTO_RSA_PADDING_OAEP:
+ pad = RSA_PKCS1_OAEP_PADDING;
+ /* fall through */
+ default:
+ pad = RSA_NO_PADDING;
+ break;
+ }
+
+ switch (op->rsa.op_type) {
+ case RTE_CRYPTO_ASYM_OP_ENCRYPT:
+ ret = RSA_public_encrypt(op->rsa.message.length,
+ op->rsa.message.data,
+ op->rsa.message.data,
+ rsa,
+ pad);
+
+ op->rsa.message.length = ret;
+ OPENSSL_LOG_DBG("length of encrypted text %d\n", ret);
+ break;
+
+ case RTE_CRYPTO_ASYM_OP_DECRYPT:
+ ret = RSA_private_decrypt(op->rsa.message.length,
+ op->rsa.message.data,
+ op->rsa.message.data,
+ rsa,
+ pad);
+ op->rsa.message.length = ret;
+ break;
+
+ case RTE_CRYPTO_ASYM_OP_SIGN:
+ ret = RSA_private_encrypt(op->rsa.message.length,
+ op->rsa.message.data,
+ op->rsa.sign.data,
+ rsa,
+ pad);
+ op->rsa.sign.length = ret;
+ break;
+
+ case RTE_CRYPTO_ASYM_OP_VERIFY:
+ ret = RSA_public_decrypt(op->rsa.sign.length,
+ op->rsa.sign.data,
+ op->rsa.sign.data,
+ rsa,
+ pad);
+
+ OPENSSL_LOG_DBG(
+ "Length of public_decrypt %d length of message %d\n",
+ ret, op->rsa.message.length);
+
+ if (memcmp(op->rsa.sign.data, op->rsa.message.data,
+ op->rsa.message.length)) {
+ OPENSSL_LOG_ERR("RSA sign Verification failed");
+ ret = -1;
+ }
+ break;
+ default:
+ /* allow ops with invalid args to be pushed to
+ * completion queue
+ */
+ cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ break;
+ }
+
+ if (ret < 0) {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ ret = 0;
+ }
+
+ ret = 0;
+ return ret;
+}
+
+static int
+process_openssl_dh_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ struct rte_crypto_dh_op_param *op = &cop->asym->dh;
+ DH *dh_key = sess->u.dh.dh_key;
+
+ if (sess->u.dh.key_op &
+ (1 << RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE)) {
+ BIGNUM *peer_key = NULL;
+
+ /* copy private key and peer key and compute shared secret */
+ peer_key = BN_bin2bn(op->pub_key.data,
+ op->pub_key.length,
+ peer_key);
+ if (peer_key == NULL) {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ return 0;
+ }
+ dh_key->priv_key = BN_bin2bn(op->priv_key.data,
+ op->priv_key.length,
+ dh_key->priv_key);
+ op->shared_secret.length = DH_compute_key(
+ op->shared_secret.data,
+ peer_key, dh_key);
+ if (!(op->shared_secret.length)) {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ BN_free(peer_key);
+ return 0;
+ }
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ BN_free(peer_key);
+ return 0;
+ }
+
+ if ((sess->u.dh.key_op &
+ (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) &&
+ !(sess->u.dh.key_op &
+ (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE))) {
+ /* generate public key using user-pass private key */
+ dh_key->priv_key = BN_bin2bn(op->priv_key.data,
+ op->priv_key.length,
+ dh_key->priv_key);
+ if (dh_key->priv_key == NULL) {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ return 0;
+ }
+ }
+
+ /* generate public and private key pair */
+ if (!DH_generate_key(dh_key)) {
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ return 0;
+ }
+
+ if (sess->u.dh.key_op &
+ (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE)) {
+ OPENSSL_LOG_DBG("%s:%d updated priv key\n",
+ __func__, __LINE__);
+
+ op->priv_key.length = BN_bn2bin(dh_key->priv_key,
+ op->priv_key.data);
+ }
+
+ if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) {
+ OPENSSL_LOG_DBG("%s:%d update public key\n",
+ __func__, __LINE__);
+
+ op->pub_key.length = BN_bn2bin(dh_key->pub_key,
+ op->pub_key.data);
+ }
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+
+ return 0;
+}
+
+static int
+process_openssl_dsa_sign_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ struct rte_crypto_dsa_op_param *op = &cop->asym->dsa;
+ DSA *dsa = sess->u.s.dsa;
+ DSA_SIG *sign;
+
+ sign = DSA_do_sign(op->message.data,
+ op->message.length,
+ dsa);
+
+ if (sign == NULL) {
+ OPENSSL_LOG_ERR("%s:%d\n", __func__, __LINE__);
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ } else {
+ op->r.length = BN_bn2bin(sign->r, op->r.data);
+ op->s.length = BN_bn2bin(sign->s, op->s.data);
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+ }
+
+ DSA_SIG_free(sign);
+ return 0;
+}
+
+static int
+process_openssl_dsa_verify_op(struct rte_crypto_op *cop,
+ struct openssl_asym_session *sess)
+{
+ struct rte_crypto_dsa_op_param *op = &cop->asym->dsa;
+ DSA *dsa = sess->u.s.dsa;
+ int ret;
+ DSA_SIG *sign = DSA_SIG_new();
+
+ if (sign == NULL) {
+ OPENSSL_LOG_ERR(" %s:%d\n", __func__, __LINE__);
+ return -1;
+ }
+
+ sign->r = BN_bin2bn(op->r.data,
+ op->r.length,
+ sign->r);
+ sign->s = BN_bin2bn(op->s.data,
+ op->s.length,
+ sign->s);
+
+ dsa->pub_key = BN_bin2bn(op->y.data,
+ op->y.length,
+ dsa->pub_key);
+
+ ret = DSA_do_verify(op->message.data,
+ op->message.length,
+ sign,
+ dsa);
+
+ if (ret != 1)
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ else
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
+
+ DSA_SIG_free(sign);
+
+ return 0;
+}
+
+
+static int
+process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op,
+ struct openssl_asym_session *sess)
+{
+ int retval = 0;
+
+ op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+
+ switch (sess->xfrm_type) {
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ retval = process_openssl_rsa_op(op, sess);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_MODEX:
+ retval = process_openssl_modexp_op(op, sess);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_MODINV:
+ retval = process_openssl_modinv_op(op, sess);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_DH:
+ retval = process_openssl_dh_op(op, sess);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_DSA:
+ if (op->asym->dsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN)
+ retval = process_openssl_dsa_sign_op(op, sess);
+ else if (op->asym->dsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY)
+ retval = process_openssl_dsa_verify_op(op, sess);
+ else
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ break;
+ default:
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
+ break;
+ }
+ if (!retval) {
+ /* op processed so push to completion queue as processed */
+ retval = rte_ring_enqueue(qp->processed_ops, (void *)op);
+ if (retval)
+ /* return error if failed to put in completion queue */
+ retval = -1;
+ }
+
+ return retval;
+}
+
+
/** Process crypto operation for mbuf */
static int
process_op(struct openssl_qp *qp, struct rte_crypto_op *op,
@@ -1597,7 +1948,7 @@ static uint16_t
openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops,
uint16_t nb_ops)
{
- struct openssl_session *sess;
+ void *sess;
struct openssl_qp *qp = queue_pair;
int i, retval;
@@ -1606,7 +1957,12 @@ openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops,
if (unlikely(sess == NULL))
goto enqueue_err;
- retval = process_op(qp, ops[i], sess);
+ if (ops[i]->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC)
+ retval = process_op(qp, ops[i],
+ (struct openssl_session *) sess);
+ else
+ retval = process_asym_op(qp, ops[i],
+ (struct openssl_asym_session *) sess);
if (unlikely(retval < 0))
goto enqueue_err;
}
@@ -1660,7 +2016,8 @@ cryptodev_openssl_create(const char *name,
dev->feature_flags = RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO |
RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING |
RTE_CRYPTODEV_FF_CPU_AESNI |
- RTE_CRYPTODEV_FF_MBUF_SCATTER_GATHER;
+ RTE_CRYPTODEV_FF_MBUF_SCATTER_GATHER |
+ RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
/* Set vector instructions mode supported */
internals = dev->data->dev_private;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 1cb87d59a..ae8c44d3d 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -469,6 +469,110 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = {
}, }
}, }
},
+ { /* RSA */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
+ .xfrm_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
+ .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) |
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY) |
+ (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) |
+ (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)),
+ {
+ .modlen = {
+ /* min length is based on openssl rsa keygen */
+ .min = 30,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
+ { /* modexp */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
+ .xfrm_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX,
+ .op_types = 0,
+ {
+ .modlen = {
+ /* min length is based on openssl rsa keygen */
+ .min = 0,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
+ { /* modinv */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
+ .xfrm_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV,
+ .op_types = 0,
+ {
+ .modlen = {
+ /* min length is based on openssl rsa keygen */
+ .min = 0,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
+ { /* dh */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
+ .xfrm_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_DH,
+ .op_types =
+ ((1<<RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) |
+ (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE |
+ (1 <<
+ RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE))),
+ {
+ .modlen = {
+ /* min length is based on openssl rsa keygen */
+ .min = 0,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
+ { /* dsa */
+ .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC,
+ {.asym = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
+ .xfrm_capa = {
+ .xform_type = RTE_CRYPTO_ASYM_XFORM_DSA,
+ .op_types =
+ ((1<<RTE_CRYPTO_ASYM_OP_SIGN) |
+ (1 << RTE_CRYPTO_ASYM_OP_VERIFY)),
+ {
+ .modlen = {
+ /* min length is based on openssl rsa keygen */
+ .min = 0,
+ /* value 0 symbolizes no limit on max length */
+ .max = 0,
+ .increment = 1
+ }, }
+ }
+ },
+ }
+ },
RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST()
};
@@ -670,13 +774,20 @@ openssl_pmd_qp_count(struct rte_cryptodev *dev)
return dev->data->nb_queue_pairs;
}
-/** Returns the size of the session structure */
+/** Returns the size of symmetric session structure */
static unsigned
openssl_pmd_session_get_size(struct rte_cryptodev *dev __rte_unused)
{
return sizeof(struct openssl_session);
}
+/** Returns the size of the session structure */
+static unsigned
+openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused)
+{
+ return sizeof(struct openssl_asym_session);
+}
+
/** Configure the session from a crypto xform chain */
static int
openssl_pmd_session_configure(struct rte_cryptodev *dev __rte_unused,
@@ -713,6 +824,236 @@ openssl_pmd_session_configure(struct rte_cryptodev *dev __rte_unused,
return 0;
}
+static int openssl_set_asym_session_parameters(
+ struct openssl_asym_session *asym_session,
+ struct rte_crypto_asym_xform *xform)
+{
+
+ if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) &&
+ (xform->next != NULL)) {
+ OPENSSL_LOG_ERR("chained xfrms are not supported on %s",
+ rte_crypto_asym_xform_strings[xform->xform_type]);
+ return -1;
+ }
+
+ switch (xform->xform_type) {
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ {
+ struct rte_crypto_rsa_xform *xfrm = &(xform->rsa);
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA;
+
+ RSA *rsa = RSA_new();
+ if (rsa == NULL)
+ return -1;
+ /* copy xfrm data into rsa struct */
+ rsa->n = BN_bin2bn((const unsigned char *)xfrm->n.data,
+ xfrm->n.length, rsa->n);
+ rsa->e = BN_bin2bn((const unsigned char *)xfrm->e.data,
+ xfrm->e.length, rsa->e);
+ if (xfrm->key_type == RTE_RSA_KEY_TYPE_EXP) {
+ rsa->d = BN_bin2bn((const unsigned char *)xfrm->d.data,
+ xfrm->d.length,
+ rsa->d);
+ } else {
+ rsa->p = BN_bin2bn(
+ (const unsigned char *)xfrm->qt.p.data,
+ xfrm->qt.p.length,
+ rsa->p);
+ rsa->q = BN_bin2bn(
+ (const unsigned char *)xfrm->qt.q.data,
+ xfrm->qt.q.length,
+ rsa->q);
+ rsa->dmp1 = BN_bin2bn(
+ (const unsigned char *)xfrm->qt.dP.data,
+ xfrm->qt.dP.length,
+ rsa->dmp1);
+ rsa->dmq1 = BN_bin2bn(
+ (const unsigned char *)xfrm->qt.dQ.data,
+ xfrm->qt.dQ.length,
+ rsa->dmq1);
+ rsa->iqmp = BN_bin2bn(
+ (const unsigned char *)
+ xfrm->qt.qInv.data,
+ xfrm->qt.qInv.length,
+ rsa->iqmp);
+ }
+ asym_session->u.r.rsa = rsa;
+ break;
+ }
+ case RTE_CRYPTO_ASYM_XFORM_MODEX:
+ {
+ struct rte_crypto_modex_xform *xfrm = &(xform->modex);
+
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX;
+
+ BN_CTX *ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ OPENSSL_LOG_ERR(" failed to allocate resources\n");
+ return -1;
+ }
+ BN_CTX_start(ctx);
+ BIGNUM *mod = BN_CTX_get(ctx);
+ BIGNUM *exp = BN_CTX_get(ctx);
+ if (mod == NULL || exp == NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return -1;
+ }
+ mod = BN_bin2bn((const unsigned char *)xfrm->modulus.data,
+ xfrm->modulus.length, mod);
+ exp = BN_bin2bn((const unsigned char *)xfrm->exponent.data,
+ xfrm->exponent.length, exp);
+ asym_session->u.e.ctx = ctx;
+ asym_session->u.e.mod = mod;
+ asym_session->u.e.exp = exp;
+ break;
+ }
+ case RTE_CRYPTO_ASYM_XFORM_MODINV:
+ {
+ struct rte_crypto_modinv_xform *xfrm = &(xform->modinv);
+
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV;
+
+ BN_CTX *ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ OPENSSL_LOG_ERR(" failed to allocate resources\n");
+ return -1;
+ }
+ BN_CTX_start(ctx);
+ BIGNUM *mod = BN_CTX_get(ctx);
+ if (mod == NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return -1;
+ }
+
+ mod = BN_bin2bn((const unsigned char *)
+ xfrm->modulus.data,
+ xfrm->modulus.length,
+ mod);
+ asym_session->u.m.ctx = ctx;
+ asym_session->u.m.modulus = mod;
+ break;
+ }
+ case RTE_CRYPTO_ASYM_XFORM_DH:
+ {
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH;
+
+ asym_session->u.dh.dh_key = DH_new();
+ DH *dh = asym_session->u.dh.dh_key;
+ if (dh == NULL) {
+ OPENSSL_LOG_ERR(" failed to allocate resources\n");
+ return -1;
+ }
+
+ dh->p = BN_bin2bn((const unsigned char *)
+ xform->dh.p.data,
+ xform->dh.p.length,
+ dh->p);
+
+ dh->g = BN_bin2bn((const unsigned char *)
+ xform->dh.g.data,
+ xform->dh.g.length,
+ dh->g);
+
+ /* setup xfrom for
+ * public key generate, or
+ * DH Priv key generate, or both
+ * public and private key generate
+ */
+ asym_session->u.dh.key_op = (1 << xform->dh.type);
+
+ if (xform->dh.type == RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) {
+ /* check if next is pubkey */
+ if ((xform->next != NULL) &&
+ (xform->next->xform_type ==
+ RTE_CRYPTO_ASYM_XFORM_DH) &&
+ (xform->next->dh.type ==
+ RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) {
+ /* setup op as pub/priv key pair generation */
+ asym_session->u.dh.key_op |=
+ (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE);
+ }
+ }
+ break;
+ }
+ case RTE_CRYPTO_ASYM_XFORM_DSA:
+ {
+ asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA;
+
+ asym_session->u.s.dsa = DSA_new();
+ DSA *dsa = asym_session->u.s.dsa;
+ if (dsa == NULL) {
+ OPENSSL_LOG_ERR(
+ " failed to allocate resources\n");
+ return -1;
+ }
+
+ dsa->p = BN_bin2bn((const unsigned char *)
+ xform->dsa.p.data,
+ xform->dsa.p.length,
+ dsa->p);
+
+ dsa->g = BN_bin2bn((const unsigned char *)
+ xform->dsa.g.data,
+ xform->dsa.g.length,
+ dsa->g);
+
+ dsa->q = BN_bin2bn((const unsigned char *)
+ xform->dsa.q.data,
+ xform->dsa.q.length,
+ dsa->q);
+
+ dsa->priv_key = BN_bin2bn((const unsigned char *)
+ xform->dsa.x.data,
+ xform->dsa.x.length,
+ dsa->priv_key);
+
+ break;
+ }
+ default:
+ return -1;
+ }
+
+ return 0;
+}
+
+/** Configure the session from a crypto xform chain */
+static int
+openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused,
+ struct rte_crypto_asym_xform *xform,
+ struct rte_cryptodev_asym_session *sess,
+ struct rte_mempool *mempool)
+{
+ void *asym_sess_private_data;
+ int ret;
+
+ if (unlikely(sess == NULL)) {
+ OPENSSL_LOG_ERR("invalid asymmetric session struct");
+ return -EINVAL;
+ }
+
+ if (rte_mempool_get(mempool, &asym_sess_private_data)) {
+ CDEV_LOG_ERR(
+ "Couldn't get object from session mempool");
+ return -ENOMEM;
+ }
+
+ ret = openssl_set_asym_session_parameters(asym_sess_private_data,
+ xform);
+ if (ret != 0) {
+ OPENSSL_LOG_ERR("failed configure session parameters");
+
+ /* Return session to mempool */
+ rte_mempool_put(mempool, asym_sess_private_data);
+ return ret;
+ }
+
+ set_asym_session_private_data(sess, dev->driver_id,
+ asym_sess_private_data);
+
+ return 0;
+}
/** Clear the memory of session so it doesn't leave key material behind */
static void
@@ -732,6 +1073,58 @@ openssl_pmd_session_clear(struct rte_cryptodev *dev,
}
}
+static void openssl_reset_asym_session(struct openssl_asym_session *sess)
+{
+ switch (sess->xfrm_type) {
+ case RTE_CRYPTO_ASYM_XFORM_RSA:
+ if (sess->u.r.rsa)
+ RSA_free(sess->u.r.rsa);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_MODEX:
+ if (sess->u.e.ctx) {
+ BN_CTX_end(sess->u.e.ctx);
+ BN_CTX_free(sess->u.e.ctx);
+ }
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_MODINV:
+ if (sess->u.m.ctx) {
+ BN_CTX_end(sess->u.m.ctx);
+ BN_CTX_free(sess->u.m.ctx);
+ }
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_DH:
+ if (sess->u.dh.dh_key)
+ DH_free(sess->u.dh.dh_key);
+ break;
+ case RTE_CRYPTO_ASYM_XFORM_DSA:
+ if (sess->u.s.dsa)
+ DSA_free(sess->u.s.dsa);
+ break;
+ default:
+ break;
+ }
+}
+
+/** Clear the memory of asymmetric session
+ * so it doesn't leave key material behind
+ */
+static void
+openssl_pmd_asym_session_clear(struct rte_cryptodev *dev,
+ struct rte_cryptodev_asym_session *sess)
+{
+ uint8_t index = dev->driver_id;
+ void *sess_priv = get_asym_session_private_data(sess, index);
+
+ /* Zero out the whole structure */
+ if (sess_priv) {
+ openssl_reset_asym_session(sess_priv);
+ memset(sess_priv, 0, sizeof(struct openssl_asym_session));
+ struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv);
+ set_asym_session_private_data(sess, index, NULL);
+ rte_mempool_put(sess_mp, sess_priv);
+ }
+}
+
struct rte_cryptodev_ops openssl_pmd_ops = {
.dev_configure = openssl_pmd_config,
.dev_start = openssl_pmd_start,
@@ -750,8 +1143,11 @@ struct rte_cryptodev_ops openssl_pmd_ops = {
.queue_pair_count = openssl_pmd_qp_count,
.session_get_size = openssl_pmd_session_get_size,
+ .asym_session_get_size = openssl_pmd_asym_session_get_size,
.session_configure = openssl_pmd_session_configure,
- .session_clear = openssl_pmd_session_clear
+ .asym_session_configure = openssl_pmd_asym_session_configure,
+ .session_clear = openssl_pmd_session_clear,
+ .asym_session_clear = openssl_pmd_asym_session_clear
};
struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops;
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h
index bc8dc7cdc..ebc9dee53 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_private.h
+++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h
@@ -8,6 +8,10 @@
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/des.h>
+#include <openssl/rsa.h>
+#include <openssl/dh.h>
+#include <openssl/dsa.h>
+
#define CRYPTODEV_NAME_OPENSSL_PMD crypto_openssl
/**< Open SSL Crypto PMD device name */
@@ -157,6 +161,31 @@ struct openssl_session {
} __rte_cache_aligned;
+/** OPENSSL crypto private asymmetric session structure */
+struct openssl_asym_session {
+ enum rte_crypto_asym_xform_type xfrm_type;
+ union {
+ struct rsa {
+ RSA *rsa;
+ } r;
+ struct exp {
+ BIGNUM *exp;
+ BIGNUM *mod;
+ BN_CTX *ctx;
+ } e;
+ struct mod {
+ BIGNUM *modulus;
+ BN_CTX *ctx;
+ } m;
+ struct dh {
+ DH *dh_key;
+ uint32_t key_op;
+ } dh;
+ struct {
+ DSA *dsa;
+ } s;
+ } u;
+} __rte_cache_aligned;
/** Set and validate OPENSSL crypto session parameters */
extern int
openssl_set_session_parameters(struct openssl_session *sess,
--
2.14.3
^ permalink raw reply [flat|nested] 4+ messages in thread