All of lore.kernel.org
 help / color / mirror / Atom feed
* [RFC PATCH 1/2] cryptodev: rsa improvements
@ 2022-03-22  8:11 Arek Kusztal
  2022-03-22  8:11 ` [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa Arek Kusztal
  2022-03-22  8:53 ` [RFC PATCH 1/2] cryptodev: rsa improvements Kusztal, ArkadiuszX
  0 siblings, 2 replies; 5+ messages in thread
From: Arek Kusztal @ 2022-03-22  8:11 UTC (permalink / raw)
  To: dev; +Cc: gakhil, roy.fan.zhang, anoobj, Arek Kusztal

This commit reworks rsa implementation.

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 app/test/test_cryptodev_asym.c             |  90 +++++++------
 app/test/test_cryptodev_asym_util.h        |   4 +-
 drivers/crypto/meson.build                 |   4 +-
 drivers/crypto/openssl/rte_openssl_pmd.c   |  36 ++---
 drivers/crypto/qat/dev/qat_asym_pmd_gen1.c |   2 +
 drivers/crypto/qat/qat_asym.c              |  28 ++--
 lib/cryptodev/rte_crypto_asym.h            | 202 +++++++++++++++++++++--------
 7 files changed, 235 insertions(+), 131 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 573af2a537..71378cbdb2 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -75,6 +75,7 @@ queue_ops_rsa_sign_verify(void *sess)
 	struct rte_crypto_op *op, *result_op;
 	struct rte_crypto_asym_op *asym_op;
 	uint8_t output_buf[TEST_DATA_SIZE];
+	uint8_t input_sign[TEST_DATA_SIZE];
 	int status = TEST_SUCCESS;
 
 	/* Set up crypto op data structure */
@@ -90,14 +91,14 @@ queue_ops_rsa_sign_verify(void *sess)
 	/* Compute sign on the test vector */
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_SIGN;
 
-	asym_op->rsa.message.data = rsaplaintext.data;
-	asym_op->rsa.message.length = rsaplaintext.len;
-	asym_op->rsa.sign.length = 0;
-	asym_op->rsa.sign.data = output_buf;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+	asym_op->rsa.input.data = rsaplaintext.data;
+	asym_op->rsa.input.length = rsaplaintext.len;
+	asym_op->rsa.output.length = 0;
+	asym_op->rsa.output.data = output_buf;
+	asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
 
-	debug_hexdump(stdout, "message", asym_op->rsa.message.data,
-		      asym_op->rsa.message.length);
+	debug_hexdump(stdout, "message", asym_op->rsa.input.data,
+		      asym_op->rsa.input.length);
 
 	/* Attach asymmetric crypto session to crypto operations */
 	rte_crypto_op_attach_asym_session(op, sess);
@@ -120,13 +121,18 @@ queue_ops_rsa_sign_verify(void *sess)
 		goto error_exit;
 	}
 
-	debug_hexdump(stdout, "signed message", asym_op->rsa.sign.data,
-		      asym_op->rsa.sign.length);
+	debug_hexdump(stdout, "signed message", asym_op->rsa.output.data,
+		      asym_op->rsa.output.length);
 	asym_op = result_op->asym;
 
 	/* Verify sign */
+	memcpy(input_sign, asym_op->rsa.output.data, asym_op->rsa.output.length);
+	asym_op->rsa.input.data = input_sign;
+	asym_op->rsa.input.length = asym_op->rsa.output.length;
+	asym_op->rsa.message.data = rsaplaintext.data;
+	asym_op->rsa.message.length = rsaplaintext.len;
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+	asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
 
 	/* Process crypto operation */
 	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -181,14 +187,14 @@ queue_ops_rsa_enc_dec(void *sess)
 	/* Compute encryption on the test vector */
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
 
-	asym_op->rsa.message.data = rsaplaintext.data;
-	asym_op->rsa.cipher.data = cipher_buf;
-	asym_op->rsa.cipher.length = 0;
-	asym_op->rsa.message.length = rsaplaintext.len;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+	asym_op->rsa.input.data = rsaplaintext.data;
+	asym_op->rsa.output.data = cipher_buf;
+	asym_op->rsa.output.length = 0;
+	asym_op->rsa.input.length = rsaplaintext.len;
+	asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
 
-	debug_hexdump(stdout, "message", asym_op->rsa.message.data,
-		      asym_op->rsa.message.length);
+	debug_hexdump(stdout, "message", asym_op->rsa.input.data,
+		      asym_op->rsa.input.length);
 
 	/* Attach asymmetric crypto session to crypto operations */
 	rte_crypto_op_attach_asym_session(op, sess);
@@ -210,14 +216,14 @@ queue_ops_rsa_enc_dec(void *sess)
 		status = TEST_FAILED;
 		goto error_exit;
 	}
-	debug_hexdump(stdout, "encrypted message", asym_op->rsa.message.data,
-		      asym_op->rsa.message.length);
+	debug_hexdump(stdout, "encrypted message", asym_op->rsa.input.data,
+		      asym_op->rsa.input.length);
 
 	/* Use the resulted output as decryption Input vector*/
 	asym_op = result_op->asym;
-	asym_op->rsa.message.length = 0;
+	asym_op->rsa.input.length = 0;
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
-	asym_op->rsa.pad = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
+	asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
 
 	/* Process crypto operation */
 	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -270,20 +276,20 @@ test_cryptodev_asym_ver(struct rte_crypto_op *op,
 	case RTE_CRYPTO_ASYM_XFORM_RSA:
 		if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
 			data_size = xform_tc->rsa.n.length;
-			data_received = result_op->asym->rsa.cipher.data;
+			data_received = result_op->asym->rsa.output.data;
 			data_expected = data_tc->rsa_data.ct.data;
 		} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
 			data_size = xform_tc->rsa.n.length;
 			data_expected = data_tc->rsa_data.pt.data;
-			data_received = result_op->asym->rsa.message.data;
+			data_received = result_op->asym->rsa.output.data;
 		} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
 			data_size = xform_tc->rsa.n.length;
 			data_expected = data_tc->rsa_data.sign.data;
-			data_received = result_op->asym->rsa.sign.data;
+			data_received = result_op->asym->rsa.output.data;
 		} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
 			data_size = xform_tc->rsa.n.length;
 			data_expected = data_tc->rsa_data.pt.data;
-			data_received = result_op->asym->rsa.cipher.data;
+			data_received = result_op->asym->rsa.output.data;
 		}
 		break;
 	case RTE_CRYPTO_ASYM_XFORM_DH:
@@ -414,28 +420,28 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym *ts_params,
 		}
 
 		xform_tc.rsa.key_type = key_type;
-		op->asym->rsa.pad = data_tc->rsa_data.padding;
+		op->asym->rsa.padding.type = data_tc->rsa_data.padding;
 
 		if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
-			asym_op->rsa.message.data = data_tc->rsa_data.pt.data;
-			asym_op->rsa.message.length = data_tc->rsa_data.pt.len;
-			asym_op->rsa.cipher.data = result;
-			asym_op->rsa.cipher.length = data_tc->rsa_data.n.len;
+			asym_op->rsa.input.data = data_tc->rsa_data.pt.data;
+			asym_op->rsa.input.length = data_tc->rsa_data.pt.len;
+			asym_op->rsa.output.data = result;
+			asym_op->rsa.output.length = data_tc->rsa_data.n.len;
 		} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
-			asym_op->rsa.message.data = result;
-			asym_op->rsa.message.length = data_tc->rsa_data.n.len;
-			asym_op->rsa.cipher.data = data_tc->rsa_data.ct.data;
-			asym_op->rsa.cipher.length = data_tc->rsa_data.ct.len;
+			asym_op->rsa.output.data = result;
+			asym_op->rsa.output.length = data_tc->rsa_data.n.len;
+			asym_op->rsa.input.data = data_tc->rsa_data.ct.data;
+			asym_op->rsa.input.length = data_tc->rsa_data.ct.len;
 		} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) {
-			asym_op->rsa.sign.data = result;
-			asym_op->rsa.sign.length = data_tc->rsa_data.n.len;
-			asym_op->rsa.message.data = data_tc->rsa_data.pt.data;
-			asym_op->rsa.message.length = data_tc->rsa_data.pt.len;
+			asym_op->rsa.output.data = result;
+			asym_op->rsa.output.length = data_tc->rsa_data.n.len;
+			asym_op->rsa.input.data = data_tc->rsa_data.pt.data;
+			asym_op->rsa.input.length = data_tc->rsa_data.pt.len;
 		} else if (op->asym->rsa.op_type == RTE_CRYPTO_ASYM_OP_VERIFY) {
-			asym_op->rsa.cipher.data = result;
-			asym_op->rsa.cipher.length = data_tc->rsa_data.n.len;
-			asym_op->rsa.sign.data = data_tc->rsa_data.sign.data;
-			asym_op->rsa.sign.length = data_tc->rsa_data.sign.len;
+			asym_op->rsa.input.data = data_tc->rsa_data.sign.data;
+			asym_op->rsa.input.length = data_tc->rsa_data.sign.len;
+			asym_op->rsa.output.data = result;
+			asym_op->rsa.output.length = data_tc->rsa_data.n.len;
 		}
 		break;
 	case RTE_CRYPTO_ASYM_XFORM_DH:
diff --git a/app/test/test_cryptodev_asym_util.h b/app/test/test_cryptodev_asym_util.h
index 83dc265dd7..175a6a4307 100644
--- a/app/test/test_cryptodev_asym_util.h
+++ b/app/test/test_cryptodev_asym_util.h
@@ -11,8 +11,8 @@ static inline int rsa_verify(struct rsa_test_data *rsa_param,
 		struct rte_crypto_op *result_op)
 {
 	if (memcmp(rsa_param->data,
-				result_op->asym->rsa.message.data,
-				result_op->asym->rsa.message.length))
+				result_op->asym->rsa.input.data,
+				result_op->asym->rsa.input.length))
 		return -1;
 	return 0;
 }
diff --git a/drivers/crypto/meson.build b/drivers/crypto/meson.build
index 147b8cf633..4d83b45ca5 100644
--- a/drivers/crypto/meson.build
+++ b/drivers/crypto/meson.build
@@ -7,7 +7,7 @@ drivers = [
         'bcmfs',
         'caam_jr',
         'ccp',
-        'cnxk',
+#        'cnxk',
         'dpaa_sec',
         'dpaa2_sec',
         'ipsec_mb',
@@ -15,7 +15,7 @@ drivers = [
         'mvsam',
         'nitrox',
         'null',
-        'octeontx',
+#        'octeontx',
         'openssl',
         'scheduler',
         'virtio',
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index d80e1052e2..45cee47c5d 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1897,7 +1897,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 	int ret = 0;
 	struct rte_crypto_asym_op *op = cop->asym;
 	RSA *rsa = sess->u.r.rsa;
-	uint32_t pad = (op->rsa.pad);
+	uint32_t pad = (op->rsa.padding.type);
 	uint8_t *tmp;
 
 	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
@@ -1918,47 +1918,47 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 
 	switch (op->rsa.op_type) {
 	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
-		ret = RSA_public_encrypt(op->rsa.message.length,
-				op->rsa.message.data,
-				op->rsa.cipher.data,
+		ret = RSA_public_encrypt(op->rsa.input.length,
+				op->rsa.input.data,
+				op->rsa.output.data,
 				rsa,
 				pad);
 
 		if (ret > 0)
-			op->rsa.cipher.length = ret;
+			op->rsa.output.length = ret;
 		OPENSSL_LOG(DEBUG,
 				"length of encrypted text %d\n", ret);
 		break;
 
 	case RTE_CRYPTO_ASYM_OP_DECRYPT:
-		ret = RSA_private_decrypt(op->rsa.cipher.length,
-				op->rsa.cipher.data,
-				op->rsa.message.data,
+		ret = RSA_private_decrypt(op->rsa.input.length,
+				op->rsa.input.data,
+				op->rsa.output.data,
 				rsa,
 				pad);
 		if (ret > 0)
-			op->rsa.message.length = ret;
+			op->rsa.output.length = ret;
 		break;
 
 	case RTE_CRYPTO_ASYM_OP_SIGN:
-		ret = RSA_private_encrypt(op->rsa.message.length,
-				op->rsa.message.data,
-				op->rsa.sign.data,
+		ret = RSA_private_encrypt(op->rsa.input.length,
+				op->rsa.input.data,
+				op->rsa.output.data,
 				rsa,
 				pad);
 		if (ret > 0)
-			op->rsa.sign.length = ret;
+			op->rsa.output.length = ret;
 		break;
 
 	case RTE_CRYPTO_ASYM_OP_VERIFY:
-		tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
+		tmp = rte_malloc(NULL, op->rsa.input.length, 0);
 		if (tmp == NULL) {
 			OPENSSL_LOG(ERR, "Memory allocation failed");
 			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 			break;
 		}
-		ret = RSA_public_decrypt(op->rsa.sign.length,
-				op->rsa.sign.data,
+		ret = RSA_public_decrypt(op->rsa.input.length,
+				op->rsa.input.data,
 				tmp,
 				rsa,
 				pad);
@@ -1966,9 +1966,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
 		OPENSSL_LOG(DEBUG,
 				"Length of public_decrypt %d "
 				"length of message %zd\n",
-				ret, op->rsa.message.length);
+				ret, op->rsa.input.length);
 		if ((ret <= 0) || (CRYPTO_memcmp(tmp, op->rsa.message.data,
-				op->rsa.message.length))) {
+				op->rsa.input.length))) {
 			OPENSSL_LOG(ERR, "RSA sign Verification failed");
 			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 		}
diff --git a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
index 4499fdaf2d..b84e2963b0 100644
--- a/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
+++ b/drivers/crypto/qat/dev/qat_asym_pmd_gen1.c
@@ -4,10 +4,12 @@
 
 #include <rte_cryptodev.h>
 #include <cryptodev_pmd.h>
+#include <rte_bitops.h>
 #include "qat_asym.h"
 #include "qat_crypto.h"
 #include "qat_crypto_pmd_gens.h"
 
+
 struct rte_cryptodev_ops qat_asym_crypto_ops_gen1 = {
 	/* Device related operations */
 	.dev_configure		= qat_cryptodev_config,
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index 479d5308cf..cb2b47acbb 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -345,9 +345,9 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op,
 	alg_bytesize = qat_function.bytesize;
 
 	if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
-		switch (asym_op->rsa.pad) {
+		switch (asym_op->rsa.padding.type) {
 		case RTE_CRYPTO_RSA_PADDING_NONE:
-			SET_PKE_LN(cookie->input_array, asym_op->rsa.message,
+			SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
 					alg_bytesize, 0);
 			break;
 		default:
@@ -358,9 +358,9 @@ rsa_set_pub_input(struct rte_crypto_asym_op *asym_op,
 		}
 		HEXDUMP("RSA Message", cookie->input_array[0], alg_bytesize);
 	} else {
-		switch (asym_op->rsa.pad) {
+		switch (asym_op->rsa.padding.type) {
 		case RTE_CRYPTO_RSA_PADDING_NONE:
-			SET_PKE_LN(cookie->input_array, asym_op->rsa.sign,
+			SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
 					alg_bytesize, 0);
 			break;
 		default:
@@ -454,9 +454,9 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op,
 
 	if (asym_op->rsa.op_type ==
 			RTE_CRYPTO_ASYM_OP_DECRYPT) {
-		switch (asym_op->rsa.pad) {
+		switch (asym_op->rsa.padding.type) {
 		case RTE_CRYPTO_RSA_PADDING_NONE:
-			SET_PKE_LN(cookie->input_array, asym_op->rsa.cipher,
+			SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
 				alg_bytesize, 0);
 			HEXDUMP("RSA ciphertext", cookie->input_array[0],
 				alg_bytesize);
@@ -469,9 +469,9 @@ rsa_set_priv_input(struct rte_crypto_asym_op *asym_op,
 
 	} else if (asym_op->rsa.op_type ==
 			RTE_CRYPTO_ASYM_OP_SIGN) {
-		switch (asym_op->rsa.pad) {
+		switch (asym_op->rsa.padding.type) {
 		case RTE_CRYPTO_RSA_PADDING_NONE:
-			SET_PKE_LN(cookie->input_array, asym_op->rsa.message,
+			SET_PKE_LN(cookie->input_array, asym_op->rsa.input,
 				alg_bytesize, 0);
 			HEXDUMP("RSA text to be signed", cookie->input_array[0],
 				alg_bytesize);
@@ -519,7 +519,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
 
 		if (asym_op->rsa.op_type ==
 				RTE_CRYPTO_ASYM_OP_ENCRYPT) {
-			uint8_t *rsa_result = asym_op->rsa.cipher.data;
+			uint8_t *rsa_result = asym_op->rsa.output.data;
 
 			rte_memcpy(rsa_result,
 					cookie->output_array[0],
@@ -527,9 +527,9 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
 			HEXDUMP("RSA Encrypted data", cookie->output_array[0],
 				alg_bytesize);
 		} else {
-			uint8_t *rsa_result = asym_op->rsa.cipher.data;
+			uint8_t *rsa_result = asym_op->rsa.output.data;
 
-			switch (asym_op->rsa.pad) {
+			switch (asym_op->rsa.padding.type) {
 			case RTE_CRYPTO_RSA_PADDING_NONE:
 				rte_memcpy(rsa_result,
 						cookie->output_array[0],
@@ -545,9 +545,9 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
 		}
 	} else {
 		if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_DECRYPT) {
-			uint8_t *rsa_result = asym_op->rsa.message.data;
+			uint8_t *rsa_result = asym_op->rsa.output.data;
 
-			switch (asym_op->rsa.pad) {
+			switch (asym_op->rsa.padding.type) {
 			case RTE_CRYPTO_RSA_PADDING_NONE:
 				rte_memcpy(rsa_result,
 					cookie->output_array[0],
@@ -561,7 +561,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
 				return RTE_CRYPTO_OP_STATUS_ERROR;
 			}
 		} else {
-			uint8_t *rsa_result = asym_op->rsa.sign.data;
+			uint8_t *rsa_result = asym_op->rsa.output.data;
 
 			rte_memcpy(rsa_result,
 					cookie->output_array[0],
diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
index cd24d4b07b..834e06b96b 100644
--- a/lib/cryptodev/rte_crypto_asym.h
+++ b/lib/cryptodev/rte_crypto_asym.h
@@ -50,6 +50,19 @@ enum rte_crypto_ec_group {
 	RTE_CRYPTO_EC_GROUP_SECP521R1 = 25,
 };
 
+/**<
+ * When set, message instead of message digest should be
+ * provided as an input for signature generation
+ */
+#define RTE_CRYPTO_RSA_FLAG_PT
+/**<
+ * When set, algorithmIdentifier is not added to message digest,
+ * therefore not forming digestInfo struct. PKCS1 v1.5 padding
+ * is added without further changes.
+ */
+#define RTE_CRYPTO_RSA_FLAG_PKCS1_NO_ASN1
+
+
 /**
  * Asymmetric crypto transformation types.
  * Each xform type maps to one asymmetric algorithm
@@ -118,6 +131,21 @@ enum rte_crypto_asym_op_type {
 	RTE_CRYPTO_ASYM_OP_LIST_END
 };
 
+enum rte_crypto_mgf {
+	RTE_CRYPTO_MGF_DEFAULT,
+	/**< Default mask generation function */
+	RTE_CRYPTO_MGF_MGF1_SHA1,
+	/**< MGF1 function with SHA1 hash algorithm */
+	RTE_CRYPTO_MGF_MGF1_SHA224,
+	/**< MGF1 function with SHA224 hash algorithm */
+	RTE_CRYPTO_MGF_MGF1_SHA256,
+	/**< MGF1 function with SHA256 hash algorithm */
+	RTE_CRYPTO_MGF_MGF1_SHA384,
+	/**< MGF1 function with SHA384 hash algorithm */
+	RTE_CRYPTO_MGF_MGF1_SHA512,
+	/**< MGF1 function with SHA512 hash algorithm */
+};
+
 /**
  * Padding types for RSA signature.
  */
@@ -162,6 +190,11 @@ enum rte_crypto_rsa_priv_key_type {
  * and the device supports CSRNG, 'data' should be set to NULL.
  * The crypto parameter in question will not be used by the PMD,
  * as it is internally generated.
+ *
+ * In case an allocated buffer is used to return data from the PMD,
+ * i.e. encrypted/decrypted data or signature, it should be allocated
+ * with enough memory to hold the expected output. The length field will be set
+ * with the length of the data returned by the PMD.
  */
 typedef struct rte_crypto_param_t {
 	uint8_t *data;
@@ -170,6 +203,8 @@ typedef struct rte_crypto_param_t {
 	/**< IO address of data buffer */
 	size_t length;
 	/**< length of data in bytes */
+	uint32_t capacity;
+	/**< capacity of this buffer in bytes */
 } rte_crypto_param;
 
 /** Unsigned big-integer in big-endian format */
@@ -311,6 +346,62 @@ struct rte_crypto_mod_op_param {
 };
 
 /**
+ * RSA padding type
+ */
+struct rte_crypto_rsa_padding {
+	enum rte_crypto_rsa_padding_type type;
+	/**< Type of RSA padding */
+	enum rte_crypto_auth_algorithm hash;
+	/**<
+	 * RSA padding hash function
+	 *
+	 * When a specific padding type is selected, the following rules applies:
+	 * - RTE_CRYPTO_RSA_PADDING_NONE:
+	 * This field is ignored by the PMD
+	 *
+	 * - RTE_CRYPTO_RSA_PADDING_PKCS1_5:
+	 * When signing operation this field is used to determine value
+	 * of the DigestInfo structure, therefore specifying which algorithm
+	 * was used to create the message digest.
+	 * When doing encryption/decryption this field is ignored for this
+	 * padding type.
+	 *
+	 * - RTE_CRYPTO_RSA_PADDING_OAEP
+	 * This field shall be set with the hash algorithm used
+	 * in the padding scheme
+	 *
+	 * - RTE_CRYPTO_RSA_PADDING_PSS
+	 * This field shall be set with the hash algorithm used
+	 * in the padding scheme (and to create the input message digest)
+	 */
+	enum rte_crypto_mgf mgf;
+	/**<
+	 * RSA padding mask generation function
+	 *
+	 * Used only for OAEP and PSS padding, otherwise ignored
+	 * by the PMD.
+	 * If RTE_CRYPTO_MGF_DEFAULT is selected, the default mask generation
+	 * function defined by RFC standard is used with the hash function
+	 * selected in the hash field.
+	 */
+	uint16_t saltlen;
+	/**<
+	 * RSA PSS padding salt length
+	 *
+	 * Used only when RTE_CRYPTO_RSA_PADDING_PSS padding is selected,
+	 * otherwise ignored.
+	 */
+	rte_crypto_param label;
+	/**<
+	 * RSA OAEP padding optional label
+	 *
+	 * Used only when RTE_CRYPTO_RSA_PADDING_OAEP padding is selected,
+	 * otherwise ignored. If label.data == NULL, a default label (empty string)
+	 * is used.
+	 */
+};
+
+/**
  * RSA operation params
  *
  */
@@ -318,72 +409,77 @@ struct rte_crypto_rsa_op_param {
 	enum rte_crypto_asym_op_type op_type;
 	/**< Type of RSA operation for transform */
 
-	rte_crypto_param message;
+	rte_crypto_param input;
 	/**<
-	 * Pointer to input data
-	 * - to be encrypted for RSA public encrypt.
-	 * - to be signed for RSA sign generation.
-	 * - to be authenticated for RSA sign verification.
+	 * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
 	 *
-	 * Pointer to output data
-	 * - for RSA private decrypt.
-	 * In this case the underlying array should have been
-	 * allocated with enough memory to hold plaintext output
-	 * (i.e. must be at least RSA key size). The message.length
-	 * field should be 0 and will be overwritten by the PMD
-	 * with the decrypted length.
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+	 * input should only be used along with cryptographically
+	 * secure padding scheme.
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5
+	 * input shall be no longer than public modulus minus 11.
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_OAEP
+	 * input shall be no longer than public modulus -
+	 * 2 * len(hash) - 2.
 	 *
-	 * All data is in Octet-string network byte order format.
-	 */
-
-	rte_crypto_param cipher;
-	/**<
-	 * Pointer to input data
-	 * - to be decrypted for RSA private decrypt.
+	 * When op_type == RTE_CRYPTO_ASYM_OP_SIGN:
+	 *
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+	 * input should only be used along with cryptographically
+	 * secure padding scheme.	 *
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5 or
+	 * RTE_CRYPTO_RSA_PADDING_PSS
+	 * if the RTE_CRYPTO_RSA_FLAG_PT flag is set, input shall contain
+	 * the message to be signed, if this flag is not set, input shall contain
+	 * the digest of the message to be signed.
 	 *
-	 * Pointer to output data
-	 * - for RSA public encrypt.
-	 * In this case the underlying array should have been allocated
-	 * with enough memory to hold ciphertext output (i.e. must be
-	 * at least RSA key size). The cipher.length field should
-	 * be 0 and will be overwritten by the PMD with the encrypted length.
+	 * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT:
+	 * 
+	 * Input shall contain previously encrypted RSA message.
+	 *
+	 * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
+	 *
+	 * Input shall contain signature to be verified
 	 *
-	 * All data is in Octet-string network byte order format.
 	 */
 
-	rte_crypto_param sign;
+	union { 
+		rte_crypto_param output;
+		rte_crypto_param message;
+	};
 	/**<
-	 * Pointer to input data
-	 * - to be verified for RSA public decrypt.
+	 * When op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT:
+	 *
+	 * Output shall contain encrypted data, output.length shall
+	 * be set to the length of encrypted data.
+	 *	 
+	 * When op_type == RTE_CRYPTO_ASYM_OP_DECRYPT/RTE_CRYPTO_ASYM_OP_SIGN:
+	 *
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+	 * output shall contain decrypted/signed data, but all leading zeros
+	 * shall be preserved. Therefore output.length should be
+	 * equal to the length of the modulus.
 	 *
-	 * Pointer to output data
-	 * - for RSA private encrypt.
-	 * In this case the underlying array should have been allocated
-	 * with enough memory to hold signature output (i.e. must be
-	 * at least RSA key size). The sign.length field should
-	 * be 0 and will be overwritten by the PMD with the signature length.
+	 * For other types of padding, output should contain
+	 * decrypted data, and output.length shall be set to the length
+	 * of decrypted data.
+	 * 
+	 * When op_type == RTE_CRYPTO_ASYM_OP_VERIFY:
+	 * 
+	 * If padding.type = RTE_CRYPTO_RSA_PADDING_NONE
+	 * output shall contain the public key decrypted signature.
+	 * All leading zeroes shall be preserved.
+	 *
+	 * For other padding types, the message should be set with data for the
+	 * signature to be compared with.
 	 *
-	 * All data is in Octet-string network byte order format.
 	 */
 
-	enum rte_crypto_rsa_padding_type pad;
-	/**< RSA padding scheme to be used for transform */
-
-	enum rte_crypto_auth_algorithm md;
-	/**< Hash algorithm to be used for data hash if padding
-	 * scheme is either OAEP or PSS. Valid hash algorithms
-	 * are:
-	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
-	 */
+	struct rte_crypto_rsa_padding padding;
+	/**< RSA padding information */
 
-	enum rte_crypto_auth_algorithm mgf1md;
-	/**<
-	 * Hash algorithm to be used for mask generation if
-	 * padding scheme is either OAEP or PSS. If padding
-	 * scheme is unspecified data hash algorithm is used
-	 * for mask generation. Valid hash algorithms are:
-	 * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
-	 */
+	uint64_t flags;
+	/**< RSA configuration flags */
 };
 
 /**
-- 
2.13.6


^ permalink raw reply related	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-03-22 10:23 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-22  8:11 [RFC PATCH 1/2] cryptodev: rsa improvements Arek Kusztal
2022-03-22  8:11 ` [RFC PATCH 2/2] test: add proper pkcs1 signature tests for rsa Arek Kusztal
2022-03-22  9:13   ` Kusztal, ArkadiuszX
2022-03-22 10:23     ` Kusztal, ArkadiuszX
2022-03-22  8:53 ` [RFC PATCH 1/2] cryptodev: rsa improvements Kusztal, ArkadiuszX

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.