From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 36CD945AAA; Fri, 4 Oct 2024 08:11:54 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 231C740DD5; Fri, 4 Oct 2024 08:11:54 +0200 (CEST) Received: from mx0a-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id A2F1E40DD5 for ; Fri, 4 Oct 2024 08:11:51 +0200 (CEST) Received: from pps.filterd (m0431384.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 493Hw9QQ002061; Thu, 3 Oct 2024 23:11:45 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h= cc:content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=pfpt0220; bh=m GSOJMxbZWIRIUd+tRyPMoGZ+gBxTX2aMuhF+yAwUms=; b=LTpFxdRL6h2sqiJRa fVni28brsPq4vNI2dmUdzZq6PePEOpqp004KJGFt74AALFa1PH6OVoX1erZoycd2 XGxvF8JLaV81+5Ig39v3My2nCkeMEDkxrH9dFIAwMEt4kDH9I/whNc792IK7Qbpx NitAFCMIBU7CXxb13GU4pkSbMFW+QGNIUtnnfdOhMjzyhO1Erc912c/RZS8mF8nV sv1nx8SsU6uDiQgag/1EuUx4vibFZPemJo0Em3uPDEPKPqEDTB4e72kmDzaCZsRe 1k7nn9nVV0VYG5lxlMO5SW0UiX2K5nkc0b3hQ2iM2vtDB+vubPHOEC50oPpyt/4r 1QVPA== Received: from dc5-exch05.marvell.com ([199.233.59.128]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 42204r95sd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 03 Oct 2024 23:11:44 -0700 (PDT) Received: from DC5-EXCH05.marvell.com (10.69.176.209) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.4; Thu, 3 Oct 2024 23:11:42 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH05.marvell.com (10.69.176.209) with Microsoft SMTP Server id 15.2.1544.4 via Frontend Transport; Thu, 3 Oct 2024 23:11:42 -0700 Received: from BG-LT91401.marvell.com (BG-LT91401.marvell.com [10.28.168.34]) by maili.marvell.com (Postfix) with ESMTP id D48665B6928; Thu, 3 Oct 2024 23:11:33 -0700 (PDT) From: Gowrishankar Muthukrishnan To: , Akhil Goyal , Fan Zhang , Anoob Joseph , Ankur Dwivedi , Tejasree Kondoj , Kai Ji , Brian Dooley , "Gowrishankar Muthukrishnan" CC: , , , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v2 2/2] cryptodev: move RSA padding information into xform Date: Fri, 4 Oct 2024 11:41:05 +0530 Message-ID: <20241004061107.584-3-gmuthukrishn@marvell.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20241004061107.584-1-gmuthukrishn@marvell.com> References: <20240905145612.1732-1-gmuthukrishn@marvell.com> <20241004061107.584-1-gmuthukrishn@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: lN5kHQtIhiO4TI97n-nqeiYXfdE4-WsN X-Proofpoint-ORIG-GUID: lN5kHQtIhiO4TI97n-nqeiYXfdE4-WsN X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.687,Hydra:6.0.235,FMLib:17.0.607.475 definitions=2020-10-13_15,2020-10-13_02,2020-04-07_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org RSA padding information could be a xform entity rather than part of crypto op, as it seems associated with hashing algorithm used for the entire crypto session, where this algorithm is used in message digest itself. Even in virtIO standard spec, this info is associated in the asymmetric session creation. Hence, moving this info from crypto op into xform structure. Signed-off-by: Gowrishankar Muthukrishnan --- app/test/test_cryptodev_asym.c | 10 ++-- app/test/test_cryptodev_rsa_test_vectors.h | 2 + drivers/common/cpt/cpt_ucode_asym.h | 4 +- drivers/crypto/cnxk/cnxk_ae.h | 13 +++-- drivers/crypto/octeontx/otx_cryptodev_ops.c | 4 +- drivers/crypto/openssl/openssl_pmd_private.h | 1 + drivers/crypto/openssl/rte_openssl_pmd.c | 4 +- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 1 + drivers/crypto/qat/qat_asym.c | 17 ++++--- examples/fips_validation/main.c | 52 +++++++++++--------- lib/cryptodev/rte_crypto_asym.h | 6 +-- 11 files changed, 62 insertions(+), 52 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index f0b5d38543..6cb416ffe3 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -80,7 +80,6 @@ queue_ops_rsa_sign_verify(void *sess) asym_op->rsa.message.length = rsaplaintext.len; asym_op->rsa.sign.length = RTE_DIM(rsa_n); asym_op->rsa.sign.data = output_buf; - asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5; debug_hexdump(stdout, "message", asym_op->rsa.message.data, asym_op->rsa.message.length); @@ -112,7 +111,6 @@ queue_ops_rsa_sign_verify(void *sess) /* Verify sign */ asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY; - asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5; /* Process crypto operation */ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -171,7 +169,6 @@ queue_ops_rsa_enc_dec(void *sess) asym_op->rsa.cipher.data = cipher_buf; asym_op->rsa.cipher.length = RTE_DIM(rsa_n); asym_op->rsa.message.length = rsaplaintext.len; - asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5; debug_hexdump(stdout, "message", asym_op->rsa.message.data, asym_op->rsa.message.length); @@ -203,7 +200,6 @@ queue_ops_rsa_enc_dec(void *sess) asym_op = result_op->asym; asym_op->rsa.message.length = RTE_DIM(rsa_n); asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT; - asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5; /* Process crypto operation */ if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -3323,7 +3319,6 @@ rsa_encrypt(const struct rsa_test_data_2 *vector, uint8_t *cipher_buf) self->op->asym->rsa.cipher.data = cipher_buf; self->op->asym->rsa.cipher.length = 0; SET_RSA_PARAM(self->op->asym->rsa, vector, message); - self->op->asym->rsa.padding.type = vector->padding; rte_crypto_op_attach_asym_session(self->op, self->sess); TEST_ASSERT_SUCCESS(send_one(), @@ -3347,7 +3342,6 @@ rsa_decrypt(const struct rsa_test_data_2 *vector, uint8_t *plaintext, self->op->asym->rsa.message.data = plaintext; self->op->asym->rsa.message.length = 0; self->op->asym->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT; - self->op->asym->rsa.padding.type = vector->padding; rte_crypto_op_attach_asym_session(self->op, self->sess); TEST_ASSERT_SUCCESS(send_one(), "Failed to process crypto op (Decryption)"); @@ -3389,6 +3383,7 @@ kat_rsa_encrypt(const void *data) SET_RSA_PARAM(xform.rsa, vector, n); SET_RSA_PARAM(xform.rsa, vector, e); SET_RSA_PARAM(xform.rsa, vector, d); + xform.rsa.padding.type = vector->padding; xform.rsa.key_type = RTE_RSA_KEY_TYPE_EXP; int ret = rsa_init_session(&xform); @@ -3419,6 +3414,7 @@ kat_rsa_encrypt_crt(const void *data) SET_RSA_PARAM_QT(xform.rsa, vector, dP); SET_RSA_PARAM_QT(xform.rsa, vector, dQ); SET_RSA_PARAM_QT(xform.rsa, vector, qInv); + xform.rsa.padding.type = vector->padding; xform.rsa.key_type = RTE_RSA_KEY_TYPE_QT; int ret = rsa_init_session(&xform); if (ret) { @@ -3444,6 +3440,7 @@ kat_rsa_decrypt(const void *data) SET_RSA_PARAM(xform.rsa, vector, n); SET_RSA_PARAM(xform.rsa, vector, e); SET_RSA_PARAM(xform.rsa, vector, d); + xform.rsa.padding.type = vector->padding; xform.rsa.key_type = RTE_RSA_KEY_TYPE_EXP; int ret = rsa_init_session(&xform); @@ -3474,6 +3471,7 @@ kat_rsa_decrypt_crt(const void *data) SET_RSA_PARAM_QT(xform.rsa, vector, dP); SET_RSA_PARAM_QT(xform.rsa, vector, dQ); SET_RSA_PARAM_QT(xform.rsa, vector, qInv); + xform.rsa.padding.type = vector->padding; xform.rsa.key_type = RTE_RSA_KEY_TYPE_QT; int ret = rsa_init_session(&xform); if (ret) { diff --git a/app/test/test_cryptodev_rsa_test_vectors.h b/app/test/test_cryptodev_rsa_test_vectors.h index 89981f13f0..1b7b451387 100644 --- a/app/test/test_cryptodev_rsa_test_vectors.h +++ b/app/test/test_cryptodev_rsa_test_vectors.h @@ -345,6 +345,7 @@ struct rte_crypto_asym_xform rsa_xform = { .next = NULL, .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, .rsa = { + .padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5, .n = { .data = rsa_n, .length = sizeof(rsa_n) @@ -366,6 +367,7 @@ struct rte_crypto_asym_xform rsa_xform_crt = { .next = NULL, .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, .rsa = { + .padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5, .n = { .data = rsa_n, .length = sizeof(rsa_n) diff --git a/drivers/common/cpt/cpt_ucode_asym.h b/drivers/common/cpt/cpt_ucode_asym.h index e1034bbeb4..5122378ec7 100644 --- a/drivers/common/cpt/cpt_ucode_asym.h +++ b/drivers/common/cpt/cpt_ucode_asym.h @@ -327,7 +327,7 @@ cpt_rsa_prep(struct asym_op_params *rsa_params, /* Result buffer */ rlen = mod_len; - if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /* Use mod_exp operation for no_padding type */ vq_cmd_w0.s.opcode.minor = CPT_MINOR_OP_MODEX; vq_cmd_w0.s.param2 = exp_len; @@ -412,7 +412,7 @@ cpt_rsa_crt_prep(struct asym_op_params *rsa_params, /* Result buffer */ rlen = mod_len; - if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /*Use mod_exp operation for no_padding type */ vq_cmd_w0.s.opcode.minor = CPT_MINOR_OP_MODEX_CRT; } else { diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h index ef9cb5eb91..1bb5a450c5 100644 --- a/drivers/crypto/cnxk/cnxk_ae.h +++ b/drivers/crypto/cnxk/cnxk_ae.h @@ -177,6 +177,9 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess, rsa->n.length = mod_len; rsa->e.length = exp_len; + /* Set padding info */ + rsa->padding.type = xform->rsa.padding.type; + return 0; } @@ -366,7 +369,7 @@ cnxk_ae_rsa_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf, dptr += in_size; dlen = total_key_len + in_size; - if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /* Use mod_exp operation for no_padding type */ w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX; w4.s.param2 = exp_len; @@ -421,7 +424,7 @@ cnxk_ae_rsa_exp_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf, dptr += in_size; dlen = mod_len + privkey_len + in_size; - if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /* Use mod_exp operation for no_padding type */ w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX; w4.s.param2 = privkey_len; @@ -479,7 +482,7 @@ cnxk_ae_rsa_crt_prep(struct rte_crypto_op *op, struct roc_ae_buf_ptr *meta_buf, dptr += in_size; dlen = total_key_len + in_size; - if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { /*Use mod_exp operation for no_padding type */ w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX_CRT; } else { @@ -1151,7 +1154,7 @@ cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop, uint8_t *rptr, memcpy(rsa->cipher.data, rptr, rsa->cipher.length); break; case RTE_CRYPTO_ASYM_OP_DECRYPT: - if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa_ctx->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { rsa->message.length = rsa_ctx->n.length; memcpy(rsa->message.data, rptr, rsa->message.length); } else { @@ -1171,7 +1174,7 @@ cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop, uint8_t *rptr, memcpy(rsa->sign.data, rptr, rsa->sign.length); break; case RTE_CRYPTO_ASYM_OP_VERIFY: - if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { + if (rsa_ctx->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) { rsa->sign.length = rsa_ctx->n.length; memcpy(rsa->sign.data, rptr, rsa->sign.length); } else { diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c index bafd0c1669..9a758cd297 100644 --- a/drivers/crypto/octeontx/otx_cryptodev_ops.c +++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c @@ -708,7 +708,7 @@ otx_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct cpt_request_info *req, memcpy(rsa->cipher.data, req->rptr, rsa->cipher.length); break; case RTE_CRYPTO_ASYM_OP_DECRYPT: - if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) + if (rsa_ctx->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) rsa->message.length = rsa_ctx->n.length; else { /* Get length of decrypted output */ @@ -725,7 +725,7 @@ otx_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct cpt_request_info *req, memcpy(rsa->sign.data, req->rptr, rsa->sign.length); break; case RTE_CRYPTO_ASYM_OP_VERIFY: - if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) + if (rsa_ctx->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) rsa->sign.length = rsa_ctx->n.length; else { /* Get length of decrypted output */ diff --git a/drivers/crypto/openssl/openssl_pmd_private.h b/drivers/crypto/openssl/openssl_pmd_private.h index 0282b3d829..27551a7999 100644 --- a/drivers/crypto/openssl/openssl_pmd_private.h +++ b/drivers/crypto/openssl/openssl_pmd_private.h @@ -197,6 +197,7 @@ struct __rte_cache_aligned openssl_asym_session { union { struct rsa { RSA *rsa; + uint32_t pad; #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) EVP_PKEY_CTX * ctx; #endif diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index e10a172f46..3db90a768d 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -2699,7 +2699,7 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop, struct openssl_asym_session *sess) { struct rte_crypto_asym_op *op = cop->asym; - uint32_t pad = (op->rsa.padding.type); + uint32_t pad = sess->u.r.pad; uint8_t *tmp; size_t outlen = 0; int ret = -1; @@ -3082,7 +3082,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, int ret = 0; struct rte_crypto_asym_op *op = cop->asym; RSA *rsa = sess->u.r.rsa; - uint32_t pad = (op->rsa.padding.type); + uint32_t pad = sess->u.r.pad; uint8_t *tmp; cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index b7b612fc57..0fc125d2a3 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -889,6 +889,7 @@ static int openssl_set_asym_session_parameters( if (!n || !e) goto err_rsa; + asym_session->u.r.pad = xform->rsa.padding.type; #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) OSSL_PARAM_BLD * param_bld = OSSL_PARAM_BLD_new(); if (!param_bld) { diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c index e43884e69b..9e97582e22 100644 --- a/drivers/crypto/qat/qat_asym.c +++ b/drivers/crypto/qat/qat_asym.c @@ -362,7 +362,7 @@ rsa_set_pub_input(struct icp_qat_fw_pke_request *qat_req, alg_bytesize = qat_function.bytesize; if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) { - switch (asym_op->rsa.padding.type) { + switch (xform->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: SET_PKE_LN(asym_op->rsa.message, alg_bytesize, 0); break; @@ -374,7 +374,7 @@ rsa_set_pub_input(struct icp_qat_fw_pke_request *qat_req, } HEXDUMP("RSA Message", cookie->input_array[0], alg_bytesize); } else { - switch (asym_op->rsa.padding.type) { + switch (xform->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: SET_PKE_LN(asym_op->rsa.sign, alg_bytesize, 0); break; @@ -460,7 +460,7 @@ rsa_set_priv_input(struct icp_qat_fw_pke_request *qat_req, if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) { - switch (asym_op->rsa.padding.type) { + switch (xform->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: SET_PKE_LN(asym_op->rsa.cipher, alg_bytesize, 0); HEXDUMP("RSA ciphertext", cookie->input_array[0], @@ -474,7 +474,7 @@ rsa_set_priv_input(struct icp_qat_fw_pke_request *qat_req, } else if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) { - switch (asym_op->rsa.padding.type) { + switch (xform->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: SET_PKE_LN(asym_op->rsa.message, alg_bytesize, 0); HEXDUMP("RSA text to be signed", cookie->input_array[0], @@ -514,7 +514,8 @@ rsa_set_input(struct icp_qat_fw_pke_request *qat_req, static uint8_t rsa_collect(struct rte_crypto_asym_op *asym_op, - const struct qat_asym_op_cookie *cookie) + const struct qat_asym_op_cookie *cookie, + const struct rte_crypto_asym_xform *xform) { uint32_t alg_bytesize = cookie->alg_bytesize; @@ -530,7 +531,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op, HEXDUMP("RSA Encrypted data", cookie->output_array[0], alg_bytesize); } else { - switch (asym_op->rsa.padding.type) { + switch (xform->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: rte_memcpy(asym_op->rsa.cipher.data, cookie->output_array[0], @@ -547,7 +548,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op, } } else { if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) { - switch (asym_op->rsa.padding.type) { + switch (xform->rsa.padding.type) { case RTE_CRYPTO_RSA_PADDING_NONE: rte_memcpy(asym_op->rsa.message.data, cookie->output_array[0], @@ -1105,7 +1106,7 @@ qat_asym_collect_response(struct rte_crypto_op *op, case RTE_CRYPTO_ASYM_XFORM_MODINV: return modinv_collect(asym_op, cookie, xform); case RTE_CRYPTO_ASYM_XFORM_RSA: - return rsa_collect(asym_op, cookie); + return rsa_collect(asym_op, cookie, xform); case RTE_CRYPTO_ASYM_XFORM_ECDSA: return ecdsa_collect(asym_op, cookie); case RTE_CRYPTO_ASYM_XFORM_ECPM: diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c index 7ae2c6c007..c7a78b41de 100644 --- a/examples/fips_validation/main.c +++ b/examples/fips_validation/main.c @@ -926,31 +926,7 @@ prepare_rsa_op(void) __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_ASYMMETRIC); asym = env.op->asym; - asym->rsa.padding.type = info.interim_info.rsa_data.padding; - asym->rsa.padding.hash = info.interim_info.rsa_data.auth; - if (env.digest) { - if (asym->rsa.padding.type == RTE_CRYPTO_RSA_PADDING_PKCS1_5) { - int b_len = 0; - uint8_t b[32]; - - b_len = get_hash_oid(asym->rsa.padding.hash, b); - if (b_len < 0) { - RTE_LOG(ERR, USER1, "Failed to get digest info for hash %d\n", - asym->rsa.padding.hash); - return -EINVAL; - } - - if (b_len) { - msg.len = env.digest_len + b_len; - msg.val = rte_zmalloc(NULL, msg.len, 0); - rte_memcpy(msg.val, b, b_len); - rte_memcpy(msg.val + b_len, env.digest, env.digest_len); - rte_free(env.digest); - env.digest = msg.val; - env.digest_len = msg.len; - } - } msg.val = env.digest; msg.len = env.digest_len; } else { @@ -1536,6 +1512,34 @@ prepare_rsa_xform(struct rte_crypto_asym_xform *xform) xform->rsa.e.length = vec.rsa.e.len; xform->rsa.n.data = vec.rsa.n.val; xform->rsa.n.length = vec.rsa.n.len; + + xform->rsa.padding.type = info.interim_info.rsa_data.padding; + xform->rsa.padding.hash = info.interim_info.rsa_data.auth; + if (env.digest) { + if (xform->rsa.padding.type == RTE_CRYPTO_RSA_PADDING_PKCS1_5) { + struct fips_val msg; + int b_len = 0; + uint8_t b[32]; + + b_len = get_hash_oid(xform->rsa.padding.hash, b); + if (b_len < 0) { + RTE_LOG(ERR, USER1, "Failed to get digest info for hash %d\n", + xform->rsa.padding.hash); + return -EINVAL; + } + + if (b_len) { + msg.len = env.digest_len + b_len; + msg.val = rte_zmalloc(NULL, msg.len, 0); + rte_memcpy(msg.val, b, b_len); + rte_memcpy(msg.val + b_len, env.digest, env.digest_len); + rte_free(env.digest); + env.digest = msg.val; + env.digest_len = msg.len; + } + } + } + return 0; } diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h index c33be3b155..398b6514e3 100644 --- a/lib/cryptodev/rte_crypto_asym.h +++ b/lib/cryptodev/rte_crypto_asym.h @@ -312,6 +312,9 @@ struct rte_crypto_rsa_xform { struct rte_crypto_rsa_priv_key_qt qt; /**< qt - Private key in quintuple format */ }; + + struct rte_crypto_rsa_padding padding; + /**< RSA padding information */ }; /** @@ -447,9 +450,6 @@ struct rte_crypto_rsa_op_param { * This could be validated and overwritten by the PMD * with the signature length. */ - - struct rte_crypto_rsa_padding padding; - /**< RSA padding information */ }; /** -- 2.21.0