From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1F428A0548; Wed, 1 Jun 2022 12:11:51 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id D26EE42BA7; Wed, 1 Jun 2022 12:10:59 +0200 (CEST) Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by mails.dpdk.org (Postfix) with ESMTP id A97B742B8F for ; Wed, 1 Jun 2022 12:10:56 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1654078256; x=1685614256; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=HFeVj/4cv0Ci6lynbxRmzL+GbE9Cpz1Mw2MVMaj514g=; b=kwpGjlTMV+6JCjRIte88yTuMtiCr2SZBghl42sYwhhfCaWd4MFxPX//q xnlMz+2KA56H896TAdD4Wi9AMn8QBukoDCjM3ToWcQO/bZhRCaEKnDnvc Ck9bTiSO9H/cNXjTn9MnJMLtoc5v6Cf+14ZKlH1syv4eRGPzLGj/w5P7/ 5nRVIQfYiuJ8eR5h31iTdp9vBdhx3Ec/LVP8SxMfM5y4fHB8pIOg/nZ9C rR0pEsQY6SiBKNXFcKnLL9wJuq4z1VnFe/ZWiBx5ABZQ+DjIr2kgzeyBk OueaDZq7eOk25anf4gadup1oG2sT1miw5F8OC++vV3DH7E1EW9OGrBqIH A==; X-IronPort-AV: E=McAfee;i="6400,9594,10364"; a="275616496" X-IronPort-AV: E=Sophos;i="5.91,266,1647327600"; d="scan'208";a="275616496" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Jun 2022 03:10:50 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.91,266,1647327600"; d="scan'208";a="606186058" Received: from silpixa00399302.ir.intel.com ([10.237.214.136]) by orsmga008.jf.intel.com with ESMTP; 01 Jun 2022 03:10:48 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: gakhil@marvell.com, roy.fan.zhang@intel.com, Arek Kusztal Subject: [PATCH v5 10/12] cryptodev: move RSA padding into separate struct Date: Wed, 1 Jun 2022 10:02:47 +0100 Message-Id: <20220601090249.86865-11-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20220601090249.86865-1-arkadiuszx.kusztal@intel.com> References: <20220601090249.86865-1-arkadiuszx.kusztal@intel.com> X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org - move RSA padding into separate struct. More padding members should be added into padding, therefore having separate struct for padding parameters will make this more readable. Signed-off-by: Arek Kusztal --- app/test/test_cryptodev_asym.c | 10 ++-- drivers/common/cpt/cpt_ucode_asym.h | 4 +- drivers/crypto/cnxk/cnxk_ae.h | 8 +-- drivers/crypto/octeontx/otx_cryptodev_ops.c | 4 +- drivers/crypto/openssl/rte_openssl_pmd.c | 2 +- drivers/crypto/qat/qat_asym.c | 12 ++--- lib/cryptodev/rte_crypto_asym.h | 80 ++++++++++++++++------------- 7 files changed, 63 insertions(+), 57 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 9d044c65b2..7bd7cde16e 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -94,7 +94,7 @@ queue_ops_rsa_sign_verify(void *sess) asym_op->rsa.message.length = rsaplaintext.len; asym_op->rsa.sign.length = 0; asym_op->rsa.sign.data = output_buf; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; + asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5; debug_hexdump(stdout, "message", asym_op->rsa.message.data, asym_op->rsa.message.length); @@ -126,7 +126,7 @@ queue_ops_rsa_sign_verify(void *sess) /* Verify sign */ asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; + asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5; /* Process crypto operation */ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -185,7 +185,7 @@ queue_ops_rsa_enc_dec(void *sess) asym_op->rsa.cipher.data = cipher_buf; asym_op->rsa.cipher.length = 0; asym_op->rsa.message.length = rsaplaintext.len; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; + asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5; debug_hexdump(stdout, "message", asym_op->rsa.message.data, asym_op->rsa.message.length); @@ -217,7 +217,7 @@ queue_ops_rsa_enc_dec(void *sess) asym_op = result_op->asym; asym_op->rsa.message.length = 0; asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT; - asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5; + asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5; /* Process crypto operation */ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -414,7 +414,7 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params, } xform_tc.rsa.key_type = key_type; - op->asym->rsa.pad = data_tc->rsa_data.padding; + op->asym->rsa.padding.type = data_tc->rsa_data.padding; if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) { asym_op->rsa.message.data = data_tc->rsa_data.pt.data; diff --git a/drivers/common/cpt/cpt_ucode_asym.h b/drivers/common/cpt/cpt_ucode_asym.h index f5d91f2583..1105a0c125 100644 --- a/drivers/common/cpt/cpt_ucode_asym.h +++ b/drivers/common/cpt/cpt_ucode_asym.h @@ -327,7 +327,7 @@ cpt_rsa_prep(struct asym_op_params *rsa_params, /* Result buffer */ rlen = mod_len; - if (rsa_op.pad == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /* Use mod_exp operation for no_padding type */ vq_cmd_w0.s.opcode.minor = CPT_MINOR_OP_MODEX; vq_cmd_w0.s.param2 = exp_len; @@ -412,7 +412,7 @@ cpt_rsa_crt_prep(struct asym_op_params *rsa_params, /* Result buffer */ rlen = mod_len; - if (rsa_op.pad == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /*Use mod_exp operation for no_padding type */ vq_cmd_w0.s.opcode.minor = CPT_MINOR_OP_MODEX_CRT; } else { diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h index 10854c79c8..0562f72270 100644 --- a/drivers/crypto/cnxk/cnxk_ae.h +++ b/drivers/crypto/cnxk/cnxk_ae.h @@ -288,7 +288,7 @@ cnxk_ae_rsa_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf, dptr += in_size; dlen = total_key_len + in_size; - if (rsa_op.pad == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /* Use mod_exp operation for no_padding type */ w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX; w4.s.param2 = exp_len; @@ -347,7 +347,7 @@ cnxk_ae_rsa_crt_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf, dptr += in_size; dlen = total_key_len + in_size; - if (rsa_op.pad == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /*Use mod_exp operation for no_padding type */ w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX_CRT; } else { @@ -675,7 +675,7 @@ cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop, uint8_t *rptr, memcpy(rsa->cipher.data, rptr, rsa->cipher.length); break; case RTE_CRYPTO_ASYM_OP_DECRYPT: - if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { rsa->message.length = rsa_ctx->n.length; memcpy(rsa->message.data, rptr, rsa->message.length); } else { @@ -695,7 +695,7 @@ cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop, uint8_t *rptr, memcpy(rsa->sign.data, rptr, rsa->sign.length); break; case RTE_CRYPTO_ASYM_OP_VERIFY: - if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { rsa->sign.length = rsa_ctx->n.length; memcpy(rsa->sign.data, rptr, rsa->sign.length); } else { diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c index d5851d9987..914b17decf 100644 --- a/drivers/crypto/octeontx/otx_cryptodev_ops.c +++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c @@ -736,7 +736,7 @@ otx_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct cpt_request_info *req, memcpy(rsa->cipher.data, req->rptr, rsa->cipher.length); break; case RTE_CRYPTO_ASYM_OP_DECRYPT: - if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE) + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) rsa->message.length = rsa_ctx->n.length; else { /* Get length of decrypted output */ @@ -753,7 +753,7 @@ otx_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct cpt_request_info *req, memcpy(rsa->sign.data, req->rptr, rsa->sign.length); break; case RTE_CRYPTO_ASYM_OP_VERIFY: - if (rsa->pad == RTE_CRYPTO_RSA_PADDING_NONE) + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) rsa->sign.length = rsa_ctx->n.length; else { /* Get length of decrypted output */ diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 8270b01517..6ac2dfff5a 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1896,7 +1896,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, int ret = 0; struct rte_crypto_asym_op *op = cop->asym; RSA *rsa = sess->u.r.rsa; - uint32_t pad = (op->rsa.pad); + uint32_t pad = (op->rsa.padding.type); uint8_t *tmp; cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c index d2041b2efa..82a0450aed 100644 --- a/drivers/crypto/qat/qat_asym.c +++ b/drivers/crypto/qat/qat_asym.c @@ -332,7 +332,7 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op, alg_bytesize = qat_function.bytesize; if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) { - switch (asym_op->rsa.pad) { + switch (asym_op->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: SET_PKE_LN(asym_op->rsa.message, alg_bytesize, 0); break; @@ -344,7 +344,7 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op, } HEXDUMP("RSA Message", cookie->input_array[0], alg_bytesize); } else { - switch (asym_op->rsa.pad) { + switch (asym_op->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: SET_PKE_LN(asym_op->rsa.sign, alg_bytesize, 0); break; @@ -430,7 +430,7 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op, if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) { - switch (asym_op->rsa.pad) { + switch (asym_op->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: SET_PKE_LN(asym_op->rsa.cipher, alg_bytesize, 0); HEXDUMP("RSA ciphertext", cookie->input_array[0], @@ -444,7 +444,7 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op, } else if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) { - switch (asym_op->rsa.pad) { + switch (asym_op->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: SET_PKE_LN(asym_op->rsa.message, alg_bytesize, 0); HEXDUMP("RSA text to be signed", cookie->input_array[0], @@ -503,7 +503,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op, } else { uint8_t *rsa_result = asym_op->rsa.cipher.data; - switch (asym_op->rsa.pad) { + switch (asym_op->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: rte_memcpy(rsa_result, cookie->output_array[0], @@ -521,7 +521,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op, if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) { uint8_t *rsa_result = asym_op->rsa.message.data; - switch (asym_op->rsa.pad) { + switch (asym_op->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: rte_memcpy(rsa_result, cookie->output_array[0], diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index 5f6bf41e68..ae0b62c22f 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -236,6 +236,47 @@ struct rte_crypto_rsa_priv_key_qt { }; /** + * RSA padding type + */ +struct rte_crypto_rsa_padding { + enum rte_crypto_rsa_padding_type type; + /**< RSA padding scheme to be used for transform */ + enum rte_crypto_auth_algorithm md; + /**< + * RSA padding hash algorithm + * Valid hash algorithms are: + * MD5, SHA1, SHA224, SHA256, SHA384, SHA512 + * + * When a specific padding type is selected, the following rules apply: + * - RTE_CRYPTO_RSA_PADDING_NONE: + * This field is ignored by the PMD + * + * - RTE_CRYPTO_RSA_PADDING_PKCS1_5: + * When signing an operation this field is used to determine value + * of the DigestInfo structure, therefore specifying which algorithm + * was used to create the message digest. + * When doing encryption/decryption this field is ignored for this + * padding type. + * + * - RTE_CRYPTO_RSA_PADDING_OAEP + * This field shall be set with the hash algorithm used + * in the padding scheme + * + * - RTE_CRYPTO_RSA_PADDING_PSS + * This field shall be set with the hash algorithm used + * in the padding scheme (and to create the input message digest) + */ + enum rte_crypto_auth_algorithm mgf1md; + /**< + * Hash algorithm to be used for mask generation if the + * padding scheme is either OAEP or PSS. If the padding + * scheme is unspecified a data hash algorithm is used + * for mask generation. Valid hash algorithms are: + * MD5, SHA1, SHA224, SHA256, SHA384, SHA512 + */ +}; + +/** * Asymmetric RSA transform data * * Structure describing RSA xform params @@ -391,43 +432,8 @@ struct rte_crypto_rsa_op_param { * All data is in Octet-string network byte order format. */ - enum rte_crypto_rsa_padding_type pad; - /**< RSA padding scheme to be used for transform */ - - enum rte_crypto_auth_algorithm md; - /**< - * RSA padding hash algorithm - * Valid hash algorithms are: - * MD5, SHA1, SHA224, SHA256, SHA384, SHA512 - * - * When a specific padding type is selected, the following rule apply: - * - RTE_CRYPTO_RSA_PADDING_NONE: - * This field is ignored by the PMD - * - * - RTE_CRYPTO_RSA_PADDING_PKCS1_5: - * For sign operation, this field is used to determine value - * of the DigestInfo structure, therefore specifying which algorithm - * was used to create the message digest. - * For encryption/decryption, this field is ignored for this - * padding type. - * - * - RTE_CRYPTO_RSA_PADDING_OAEP - * This field shall be set with the hash algorithm used - * in the padding scheme - * - * - RTE_CRYPTO_RSA_PADDING_PSS - * This field shall be set with the hash algorithm used - * in the padding scheme (and to create the input message digest) - */ - - enum rte_crypto_auth_algorithm mgf1md; - /**< - * Hash algorithm to be used for mask generation if - * padding scheme is either OAEP or PSS. If padding - * scheme is unspecified data hash algorithm is used - * for mask generation. Valid hash algorithms are: - * MD5, SHA1, SHA224, SHA256, SHA384, SHA512 - */ + struct rte_crypto_rsa_padding padding; + /**< RSA padding information */ }; /** -- 2.13.6