From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, anoobj@marvell.com,
Arek Kusztal <arkadiuszx.kusztal@intel.com>
Subject: [RFC PATCH 1/2] cryptodev: rsa improvements
Date: Tue, 22 Mar 2022 08:11:27 +0000 [thread overview]
Message-ID: <20220322081128.23733-1-arkadiuszx.kusztal@intel.com> (raw)
This commit reworks rsa implementation.
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
app/test/test_cryptodev_asym.c | 90 +++++++------
app/test/test_cryptodev_asym_util.h | 4 +-
drivers/crypto/meson.build | 4 +-
drivers/crypto/openssl/rte_openssl_pmd.c | 36 ++---
drivers/crypto/qat/dev/qat_asym_pmd_gen1.c | 2 +
drivers/crypto/qat/qat_asym.c | 28 ++--
lib/cryptodev/rte_crypto_asym.h | 202 +++++++++++++++++++++--------
7 files changed, 235 insertions(+), 131 deletions(-)
diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 573af2a537..71378cbdb2 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -75,6 +75,7 @@ queue_ops_rsa_sign_verify(void *sess)
struct rte_crypto_op *op, *result_op;
struct rte_crypto_asym_op *asym_op;
uint8_t output_buf[TEST_DATA_SIZE];
+ uint8_t input_sign[TEST_DATA_SIZE];
int status = TEST_SUCCESS;
/* Set up crypto op data structure */
@@ -90,14 +91,14 @@ queue_ops_rsa_sign_verify(void *sess)
/* Compute sign on the test vector */
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
- asym_op->rsa.message.data = rsaplaintext.data;
- asym_op->rsa.message.length = rsaplaintext.len;
- asym_op->rsa.sign.length = 0;
- asym_op->rsa.sign.data = output_buf;
- asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+ asym_op->rsa.input.data = rsaplaintext.data;
+ asym_op->rsa.input.length = rsaplaintext.len;
+ asym_op->rsa.output.length = 0;
+ asym_op->rsa.output.data = output_buf;
+ asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
- debug_hexdump(stdout, "message", asym_op->rsa.message.data,
- asym_op->rsa.message.length);
+ debug_hexdump(stdout, "message", asym_op->rsa.input.data,
+ asym_op->rsa.input.length);
/* Attach asymmetric crypto session to crypto operations */
rte_crypto_op_attach_asym_session(op, sess);
@@ -120,13 +121,18 @@ queue_ops_rsa_sign_verify(void *sess)
goto error_exit;
}
- debug_hexdump(stdout, "signed message", asym_op->rsa.sign.data,
- asym_op->rsa.sign.length);
+ debug_hexdump(stdout, "signed message", asym_op->rsa.output.data,
+ asym_op->rsa.output.length);
asym_op = result_op->asym;
/* Verify sign */
+ memcpy(input_sign, asym_op->rsa.output.data, asym_op->rsa.output.length);
+ asym_op->rsa.input.data = input_sign;
+ asym_op->rsa.input.length = asym_op->rsa.output.length;
+ asym_op->rsa.message.data = rsaplaintext.data;
+ asym_op->rsa.message.length = rsaplaintext.len;
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
- asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+ asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
/* Process crypto operation */
if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -181,14 +187,14 @@ queue_ops_rsa_enc_dec(void *sess)
/* Compute encryption on the test vector */
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
- asym_op->rsa.message.data = rsaplaintext.data;
- asym_op->rsa.cipher.data = cipher_buf;
- asym_op->rsa.cipher.length = 0;
- asym_op->rsa.message.length = rsaplaintext.len;
- asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+ asym_op->rsa.input.data = rsaplaintext.data;
+ asym_op->rsa.output.data = cipher_buf;
+ asym_op->rsa.output.length = 0;
+ asym_op->rsa.input.length = rsaplaintext.len;
+ asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
- debug_hexdump(stdout, "message", asym_op->rsa.message.data,
- asym_op->rsa.message.length);
+ debug_hexdump(stdout, "message", asym_op->rsa.input.data,
+ asym_op->rsa.input.length);
/* Attach asymmetric crypto session to crypto operations */
rte_crypto_op_attach_asym_session(op, sess);
@@ -210,14 +216,14 @@ queue_ops_rsa_enc_dec(void *sess)
status = TEST_FAILED;
goto error_exit;
}
- debug_hexdump(stdout, "encrypted message", asym_op->rsa.message.data,
- asym_op->rsa.message.length);
+ debug_hexdump(stdout, "encrypted message", asym_op->rsa.input.data,
+ asym_op->rsa.input.length);
/* Use the resulted output as decryption Input vector*/
asym_op = result_op->asym;
- asym_op->rsa.message.length = 0;
+ asym_op->rsa.input.length = 0;
asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
- asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+ asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
/* Process crypto operation */
if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -270,20 +276,20 @@ test_cryptodev_asym_ver(struct rte_crypto_op *op,
case RTE_CRYPTO_ASYM_XFORM_RSA:
if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
data_size = xform_tc->rsa.n.length;
- data_received = result_op->asym->rsa.cipher.data;
+ data_received = result_op->asym->rsa.output.data;
data_expected = data_tc->rsa_data.ct.data;
} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
data_size = xform_tc->rsa.n.length;
data_expected = data_tc->rsa_data.pt.data;
- data_received = result_op->asym->rsa.message.data;
+ data_received = result_op->asym->rsa.output.data;
} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
data_size = xform_tc->rsa.n.length;
data_expected = data_tc->rsa_data.sign.data;
- data_received = result_op->asym->rsa.sign.data;
+ data_received = result_op->asym->rsa.output.data;
} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
data_size = xform_tc->rsa.n.length;
data_expected = data_tc->rsa_data.pt.data;
- data_received = result_op->asym->rsa.cipher.data;
+ data_received = result_op->asym->rsa.output.data;
}
break;
case RTE_CRYPTO_ASYM_XFORM_DH:
@@ -414,28 +420,28 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params,
}
xform_tc.rsa.key_type = key_type;
- op->asym->rsa.pad = data_tc->rsa_data.padding;
+ op->asym->rsa.padding.type = data_tc->rsa_data.padding;
if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
- asym_op->rsa.message.data = data_tc->rsa_data.pt.data;
- asym_op->rsa.message.length = data_tc->rsa_data.pt.len;
- asym_op->rsa.cipher.data = result;
- asym_op->rsa.cipher.length = data_tc->rsa_data.n.len;
+ asym_op->rsa.input.data = data_tc->rsa_data.pt.data;
+ asym_op->rsa.input.length = data_tc->rsa_data.pt.len;
+ asym_op->rsa.output.data = result;
+ asym_op->rsa.output.length = data_tc->rsa_data.n.len;
} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
- asym_op->rsa.message.data = result;
- asym_op->rsa.message.length = data_tc->rsa_data.n.len;
- asym_op->rsa.cipher.data = data_tc->rsa_data.ct.data;
- asym_op->rsa.cipher.length = data_tc->rsa_data.ct.len;
+ asym_op->rsa.output.data = result;
+ asym_op->rsa.output.length = data_tc->rsa_data.n.len;
+ asym_op->rsa.input.data = data_tc->rsa_data.ct.data;
+ asym_op->rsa.input.length = data_tc->rsa_data.ct.len;
} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
- asym_op->rsa.sign.data = result;
- asym_op->rsa.sign.length = data_tc->rsa_data.n.len;
- asym_op->rsa.message.data = data_tc->rsa_data.pt.data;
- asym_op->rsa.message.length = data_tc->rsa_data.pt.len;
+ asym_op->rsa.output.data = result;
+ asym_op->rsa.output.length = data_tc->rsa_data.n.len;
+ asym_op->rsa.input.data = data_tc->rsa_data.pt.data;
+ asym_op->rsa.input.length = data_tc->rsa_data.pt.len;
} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
- asym_op->rsa.cipher.data = result;
- asym_op->rsa.cipher.length = data_tc->rsa_data.n.len;
- asym_op->rsa.sign.data = data_tc->rsa_data.sign.data;
- asym_op->rsa.sign.length = data_tc->rsa_data.sign.len;
+ asym_op->rsa.input.data = data_tc->rsa_data.sign.data;
+ asym_op->rsa.input.length = data_tc->rsa_data.sign.len;
+ asym_op->rsa.output.data = result;
+ asym_op->rsa.output.length = data_tc->rsa_data.n.len;
}
break;
case RTE_CRYPTO_ASYM_XFORM_DH:
diff --git a/app/test/test_cryptodev_asym_util.h b/app/test/test_cryptodev_asym_util.h
index 83dc265dd7..175a6a4307 100644
--- a/app/test/test_cryptodev_asym_util.h
+++ b/app/test/test_cryptodev_asym_util.h
@@ -11,8 +11,8 @@ static inline int rsa_verify(struct rsa_test_data *rsa_param,
struct rte_crypto_op *result_op)
{
if (memcmp(rsa_param->data,
- result_op->asym->rsa.message.data,
- result_op->asym->rsa.message.length))
+ result_op->asym->rsa.input.data,
+ result_op->asym->rsa.input.length))
return -1;
return 0;
}
diff --git a/drivers/crypto/meson.build b/drivers/crypto/meson.build
index 147b8cf633..4d83b45ca5 100644
--- a/drivers/crypto/meson.build
+++ b/drivers/crypto/meson.build
@@ -7,7 +7,7 @@ drivers = [
'bcmfs',
'caam_jr',
'ccp',
- 'cnxk',
+# 'cnxk',
'dpaa_sec',
'dpaa2_sec',
'ipsec_mb',
@@ -15,7 +15,7 @@ drivers = [
'mvsam',
'nitrox',
'null',
- 'octeontx',
+# 'octeontx',
'openssl',
'scheduler',
'virtio',
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index d80e1052e2..45cee47c5d 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1897,7 +1897,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
int ret = 0;
struct rte_crypto_asym_op *op = cop->asym;
RSA *rsa = sess->u.r.rsa;
- uint32_t pad = (op->rsa.pad);
+ uint32_t pad = (op->rsa.padding.type);
uint8_t *tmp;
cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
@@ -1918,47 +1918,47 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
switch (op->rsa.op_type) {
case RTE_CRYPTO_ASYM_OP_ENCRYPT:
- ret = RSA_public_encrypt(op->rsa.message.length,
- op->rsa.message.data,
- op->rsa.cipher.data,
+ ret = RSA_public_encrypt(op->rsa.input.length,
+ op->rsa.input.data,
+ op->rsa.output.data,
rsa,
pad);
if (ret > 0)
- op->rsa.cipher.length = ret;
+ op->rsa.output.length = ret;
OPENSSL_LOG(DEBUG,
"length of encrypted text %d\n", ret);
break;
case RTE_CRYPTO_ASYM_OP_DECRYPT:
- ret = RSA_private_decrypt(op->rsa.cipher.length,
- op->rsa.cipher.data,
- op->rsa.message.data,
+ ret = RSA_private_decrypt(op->rsa.input.length,
+ op->rsa.input.data,
+ op->rsa.output.data,
rsa,
pad);
if (ret > 0)
- op->rsa.message.length = ret;
+ op->rsa.output.length = ret;
break;
case RTE_CRYPTO_ASYM_OP_SIGN:
- ret = RSA_private_encrypt(op->rsa.message.length,
- op->rsa.message.data,
- op->rsa.sign.data,
+ ret = RSA_private_encrypt(op->rsa.input.length,
+ op->rsa.input.data,
+ op->rsa.output.data,
rsa,
pad);
if (ret > 0)
- op->rsa.sign.length = ret;
+ op->rsa.output.length = ret;
break;
case RTE_CRYPTO_ASYM_OP_VERIFY:
- tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
+ tmp = rte_malloc(NULL, op->rsa.input.length, 0);
if (tmp == NULL) {
OPENSSL_LOG(ERR, "Memory allocation failed");
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
break;
}
- ret = RSA_public_decrypt(op->rsa.sign.length,
- op->rsa.sign.data,
+ ret = RSA_public_decrypt(op->rsa.input.length,
+ op->rsa.input.data,
tmp,
rsa,
pad);
@@ -1966,9 +1966,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
OPENSSL_LOG(DEBUG,
"Length of public_decrypt %d "
"length of message %zd\n",
- ret, op->rsa.message.length);
+ ret, op->rsa.input.length);
if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data,
- op->rsa.message.length))) {
+ op->rsa.input.length))) {
OPENSSL_LOG(ERR, "RSA sign Verification failed");
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
diff --git a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
index 4499fdaf2d..b84e2963b0 100644
--- a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
+++ b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
@@ -4,10 +4,12 @@
#include <rte_cryptodev.h>
#include <cryptodev_pmd.h>
+#include <rte_bitops.h>
#include "qat_asym.h"
#include "qat_crypto.h"
#include "qat_crypto_pmd_gens.h"
+
struct rte_cryptodev_ops qat_asym_crypto_ops_gen1 = {
/* Device related operations */
.dev_configure = qat_cryptodev_config,
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 479d5308cf..cb2b47acbb 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -345,9 +345,9 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op,
alg_bytesize = qat_function.bytesize;
if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
- switch (asym_op->rsa.pad) {
+ switch (asym_op->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
- SET_PKE_LN(cookie->input_array, asym_op->rsa.message,
+ SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
alg_bytesize, 0);
break;
default:
@@ -358,9 +358,9 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op,
}
HEXDUMP("RSA Message", cookie->input_array[0], alg_bytesize);
} else {
- switch (asym_op->rsa.pad) {
+ switch (asym_op->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
- SET_PKE_LN(cookie->input_array, asym_op->rsa.sign,
+ SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
alg_bytesize, 0);
break;
default:
@@ -454,9 +454,9 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op,
if (asym_op->rsa.op_type ==
RTE_CRYPTO_ASYM_OP_DECRYPT) {
- switch (asym_op->rsa.pad) {
+ switch (asym_op->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
- SET_PKE_LN(cookie->input_array, asym_op->rsa.cipher,
+ SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
alg_bytesize, 0);
HEXDUMP("RSA ciphertext", cookie->input_array[0],
alg_bytesize);
@@ -469,9 +469,9 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op,
} else if (asym_op->rsa.op_type ==
RTE_CRYPTO_ASYM_OP_SIGN) {
- switch (asym_op->rsa.pad) {
+ switch (asym_op->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
- SET_PKE_LN(cookie->input_array, asym_op->rsa.message,
+ SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
alg_bytesize, 0);
HEXDUMP("RSA text to be signed", cookie->input_array[0],
alg_bytesize);
@@ -519,7 +519,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
if (asym_op->rsa.op_type ==
RTE_CRYPTO_ASYM_OP_ENCRYPT) {
- uint8_t *rsa_result = asym_op->rsa.cipher.data;
+ uint8_t *rsa_result = asym_op->rsa.output.data;
rte_memcpy(rsa_result,
cookie->output_array[0],
@@ -527,9 +527,9 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
HEXDUMP("RSA Encrypted data", cookie->output_array[0],
alg_bytesize);
} else {
- uint8_t *rsa_result = asym_op->rsa.cipher.data;
+ uint8_t *rsa_result = asym_op->rsa.output.data;
- switch (asym_op->rsa.pad) {
+ switch (asym_op->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
rte_memcpy(rsa_result,
cookie->output_array[0],
@@ -545,9 +545,9 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
}
} else {
if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
- uint8_t *rsa_result = asym_op->rsa.message.data;
+ uint8_t *rsa_result = asym_op->rsa.output.data;
- switch (asym_op->rsa.pad) {
+ switch (asym_op->rsa.padding.type) {
case RTE_CRYPTO_RSA_PADDING_NONE:
rte_memcpy(rsa_result,
cookie->output_array[0],
@@ -561,7 +561,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
return RTE_CRYPTO_OP_STATUS_ERROR;
}
} else {
- uint8_t *rsa_result = asym_op->rsa.sign.data;
+ uint8_t *rsa_result = asym_op->rsa.output.data;
rte_memcpy(rsa_result,
cookie->output_array[0],
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index cd24d4b07b..834e06b96b 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -50,6 +50,19 @@ enum rte_crypto_ec_group {
RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
};
+/**<
+ * When set, message instead of message digest should be
+ * provided as an input for signature generation
+ */
+#define RTE_CRYPTO_RSA_FLAG_PT
+/**<
+ * When set, algorithmIdentifier is not added to message digest,
+ * therefore not forming digestInfo struct. PKCS1 v1.5 padding
+ * is added without further changes.
+ */
+#define RTE_CRYPTO_RSA_FLAG_PKCS1_NO_ASN1
+
+
/**
* Asymmetric crypto transformation types.
* Each xform type maps to one asymmetric algorithm
@@ -118,6 +131,21 @@ enum rte_crypto_asym_op_type {
RTE_CRYPTO_ASYM_OP_LIST_END
};
+enum rte_crypto_mgf {
+ RTE_CRYPTO_MGF_DEFAULT,
+ /**< Default mask generation function */
+ RTE_CRYPTO_MGF_MGF1_SHA1,
+ /**< MGF1 function with SHA1 hash algorithm */
+ RTE_CRYPTO_MGF_MGF1_SHA224,
+ /**< MGF1 function with SHA224 hash algorithm */
+ RTE_CRYPTO_MGF_MGF1_SHA256,
+ /**< MGF1 function with SHA256 hash algorithm */
+ RTE_CRYPTO_MGF_MGF1_SHA384,
+ /**< MGF1 function with SHA384 hash algorithm */
+ RTE_CRYPTO_MGF_MGF1_SHA512,
+ /**< MGF1 function with SHA512 hash algorithm */
+};
+
/**
* Padding types for RSA signature.
*/
@@ -162,6 +190,11 @@ enum rte_crypto_rsa_priv_key_type {
* and the device supports CSRNG, 'data' should be set to NULL.
* The crypto parameter in question will not be used by the PMD,
* as it is internally generated.
+ *
+ * In case an allocated buffer is used to return data from the PMD,
+ * i.e. encrypted/decrypted data or signature, it should be allocated
+ * with enough memory to hold the expected output. The length field will be set
+ * with the length of the data returned by the PMD.
*/
typedef struct rte_crypto_param_t {
uint8_t *data;
@@ -170,6 +203,8 @@ typedef struct rte_crypto_param_t {
/**< IO address of data buffer */
size_t length;
/**< length of data in bytes */
+ uint32_t capacity;
+ /**< capacity of this buffer in bytes */
} rte_crypto_param;
/** Unsigned big-integer in big-endian format */
@@ -311,6 +346,62 @@ struct rte_crypto_mod_op_param {
};
/**
+ * RSA padding type
+ */
+struct rte_crypto_rsa_padding {
+ enum rte_crypto_rsa_padding_type type;
+ /**< Type of RSA padding */
+ enum rte_crypto_auth_algorithm hash;
+ /**<
+ * RSA padding hash function
+ *
+ * When a specific padding type is selected, the following rules applies:
+ * - RTE_CRYPTO_RSA_PADDING_NONE:
+ * This field is ignored by the PMD
+ *
+ * - RTE_CRYPTO_RSA_PADDING_PKCS1_5:
+ * When signing operation this field is used to determine value
+ * of the DigestInfo structure, therefore specifying which algorithm
+ * was used to create the message digest.
+ * When doing encryption/decryption this field is ignored for this
+ * padding type.
+ *
+ * - RTE_CRYPTO_RSA_PADDING_OAEP
+ * This field shall be set with the hash algorithm used
+ * in the padding scheme
+ *
+ * - RTE_CRYPTO_RSA_PADDING_PSS
+ * This field shall be set with the hash algorithm used
+ * in the padding scheme (and to create the input message digest)
+ */
+ enum rte_crypto_mgf mgf;
+ /**<
+ * RSA padding mask generation function
+ *
+ * Used only for OAEP and PSS padding, otherwise ignored
+ * by the PMD.
+ * If RTE_CRYPTO_MGF_DEFAULT is selected, the default mask generation
+ * function defined by RFC standard is used with the hash function
+ * selected in the hash field.
+ */
+ uint16_t saltlen;
+ /**<
+ * RSA PSS padding salt length
+ *
+ * Used only when RTE_CRYPTO_RSA_PADDING_PSS padding is selected,
+ * otherwise ignored.
+ */
+ rte_crypto_param label;
+ /**<
+ * RSA OAEP padding optional label
+ *
+ * Used only when RTE_CRYPTO_RSA_PADDING_OAEP padding is selected,
+ * otherwise ignored. If label.data == NULL, a default label (empty string)
+ * is used.
+ */
+};
+
+/**
* RSA operation params
*
*/
@@ -318,72 +409,77 @@ struct rte_crypto_rsa_op_param {
enum rte_crypto_asym_op_type op_type;
/**< Type of RSA operation for transform */
- rte_crypto_param message;
+ rte_crypto_param input;
/**<
- * Pointer to input data
- * - to be encrypted for RSA public encrypt.
- * - to be signed for RSA sign generation.
- * - to be authenticated for RSA sign verification.
+ * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
*
- * Pointer to output data
- * - for RSA private decrypt.
- * In this case the underlying array should have been
- * allocated with enough memory to hold plaintext output
- * (i.e. must be at least RSA key size). The message.length
- * field should be 0 and will be overwritten by the PMD
- * with the decrypted length.
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+ * input should only be used along with cryptographically
+ * secure padding scheme.
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5
+ * input shall be no longer than public modulus minus 11.
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_OAEP
+ * input shall be no longer than public modulus -
+ * 2 * len(hash) - 2.
*
- * All data is in Octet-string network byte order format.
- */
-
- rte_crypto_param cipher;
- /**<
- * Pointer to input data
- * - to be decrypted for RSA private decrypt.
+ * When op_type == RTE_CRYPTO_ASYM_OP_SIGN:
+ *
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+ * input should only be used along with cryptographically
+ * secure padding scheme. *
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
+ * RTE_CRYPTO_RSA_PADDING_PSS
+ * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
+ * the message to be signed, if this flag is not set, input shall contain
+ * the digest of the message to be signed.
*
- * Pointer to output data
- * - for RSA public encrypt.
- * In this case the underlying array should have been allocated
- * with enough memory to hold ciphertext output (i.e. must be
- * at least RSA key size). The cipher.length field should
- * be 0 and will be overwritten by the PMD with the encrypted length.
+ * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
+ *
+ * Input shall contain previously encrypted RSA message.
+ *
+ * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
+ *
+ * Input shall contain signature to be verified
*
- * All data is in Octet-string network byte order format.
*/
- rte_crypto_param sign;
+ union {
+ rte_crypto_param output;
+ rte_crypto_param message;
+ };
/**<
- * Pointer to input data
- * - to be verified for RSA public decrypt.
+ * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
+ *
+ * Output shall contain encrypted data, output.length shall
+ * be set to the length of encrypted data.
+ *
+ * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN:
+ *
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+ * output shall contain decrypted/signed data, but all leading zeros
+ * shall be preserved. Therefore output.length should be
+ * equal to the length of the modulus.
*
- * Pointer to output data
- * - for RSA private encrypt.
- * In this case the underlying array should have been allocated
- * with enough memory to hold signature output (i.e. must be
- * at least RSA key size). The sign.length field should
- * be 0 and will be overwritten by the PMD with the signature length.
+ * For other types of padding, output should contain
+ * decrypted data, and output.length shall be set to the length
+ * of decrypted data.
+ *
+ * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
+ *
+ * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+ * output shall contain the public key decrypted signature.
+ * All leading zeroes shall be preserved.
+ *
+ * For other padding types, the message should be set with data for the
+ * signature to be compared with.
*
- * All data is in Octet-string network byte order format.
*/
- enum rte_crypto_rsa_padding_type pad;
- /**< RSA padding scheme to be used for transform */
-
- enum rte_crypto_auth_algorithm md;
- /**< Hash algorithm to be used for data hash if padding
- * scheme is either OAEP or PSS. Valid hash algorithms
- * are:
- * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
- */
+ struct rte_crypto_rsa_padding padding;
+ /**< RSA padding information */
- enum rte_crypto_auth_algorithm mgf1md;
- /**<
- * Hash algorithm to be used for mask generation if
- * padding scheme is either OAEP or PSS. If padding
- * scheme is unspecified data hash algorithm is used
- * for mask generation. Valid hash algorithms are:
- * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
- */
+ uint64_t flags;
+ /**< RSA configuration flags */
};
/**
--
2.13.6
next reply other threads:[~2022-03-22 8:11 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-22 8:11 Arek Kusztal [this message]
2022-03-22 8:11 ` [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa Arek Kusztal
2022-03-22 9:13 ` Kusztal, ArkadiuszX
2022-03-22 10:23 ` Kusztal, ArkadiuszX
2022-03-22 8:53 ` [RFC PATCH 1/2] cryptodev: rsa improvements Kusztal, ArkadiuszX
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220322081128.23733-1-arkadiuszx.kusztal@intel.com \
--to=arkadiuszx.kusztal@intel.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=roy.fan.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).