From patchwork Thu Jul 12 14:08:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shally Verma X-Patchwork-Id: 42979 X-Patchwork-Delegate: pablo.de.lara.guarch@intel.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 5DB611B472; Thu, 12 Jul 2018 16:09:21 +0200 (CEST) Received: from NAM05-DM3-obe.outbound.protection.outlook.com (mail-eopbgr730078.outbound.protection.outlook.com [40.107.73.78]) by dpdk.org (Postfix) with ESMTP id 61AF81B464 for ; Thu, 12 Jul 2018 16:09:18 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vbKAJlpUgUIe7jlRZUObpeZX+HilIlxPALkW52Z8G6c=; b=ju4kyypvFT8J4CXjHkGGuBpndWC+8JVfn2FLwXJ8sRseKyRum1CIzj8EIB/J3KQOv6y5SSDHF+/DgorJJ7elsUluLCnP/km0KxN+O3xYRYyjhMyFWd1L8vUkgrHncNR4O4o1AgNWi3zmuejYXwjs6IgZhFZ6Ol8rWzjGmyvmgis= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Shally.Verma@cavium.com; Received: from hyd1sverma-dt.caveonetworks.com (115.113.156.2) by DM5PR0701MB3637.namprd07.prod.outlook.com (2603:10b6:4:7d::38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.952.18; Thu, 12 Jul 2018 14:09:14 +0000 From: Shally Verma To: pablo.de.lara.guarch@intel.com Cc: dev@dpdk.org, pathreya@caviumnetworks.com, nmurthy@caviumnetworks.com, Sunila Sahu , Ashish Gupta Date: Thu, 12 Jul 2018 19:38:44 +0530 Message-Id: <1531404526-17984-2-git-send-email-shally.verma@caviumnetworks.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1531404526-17984-1-git-send-email-shally.verma@caviumnetworks.com> References: <1531404526-17984-1-git-send-email-shally.verma@caviumnetworks.com> MIME-Version: 1.0 X-Originating-IP: [115.113.156.2] X-ClientProxiedBy: MAXPR0101CA0029.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a00:d::15) To DM5PR0701MB3637.namprd07.prod.outlook.com (2603:10b6:4:7d::38) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: cc61757a-4862-45c8-0790-08d5e8010d93 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(5600053)(711020)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(8990107)(2017052603328)(7153060)(7193020); SRVR:DM5PR0701MB3637; X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 3:u9jC86K+yWgabP9BNOuzuvBYAyD4jy9Ra3KwhKtjAAEWrgM0ub06SqIl3iIKpcCb1VESybdQvgplz573RsgiH1LUcB1In34R+LMKpVaKPHFdshlgNT+n/BTQZJ8X+OqHWj6fZlzlovAzn6Rebz14js5Kbhw7SBp0b+w3ceu0uKvNrnTPW5syfzUrI+jlyYVtUqEjHH1DtWmEkoBDykkBkdd4BMMkh+j7FLtYErKSU39dMbo0XBRB9fIXQNI0Jg3Z; 25:zySobmT57bIw/XZYJMa8nC8QsmvVWVVAjCcwYGsRAR1mh7FowJhCcsfMFJZA3O9zJNI5q2OsemNYC/p6dm9lmbVTmXlCp0cZLAKJI/36Or58h/OYjbTxiyictWRT+HUBubyVOg/2pVtd9pSLORVdwkHCLFh5/xex+EKzrtuscd1EqPxr9BINOJQfF98a2cF02la2v0CMzcdt4WPK2S2fUeU5ujENcGC3WrKenM5AypRH2hP0w1eOKU81L1Qgx2CjdQ4z6MhK8RtF1E/q9t86dQGtEfOY2pHGbH6hQwRm3O+swP3fI8gQRI8WQGu4EhtPVBbHjw0QkhbXknv9logTQQ==; 31:KqhIb5T3NZQEBRtmNf17nBbmt15pIblP3a7654QVIK3PdMFN46KVx2DKSchyHtccw0Gc/evBepPtfRsTw473FzcoQjYhXBubFrfxm1yWNKBmjICn1EubDJ6acxad2MI010cze/0exUR60CM54vFju5V6NAcz9s88BB5CWzbeIfRxB21VYK8lXLEoMAON7VjXCtIvtP9/v4EcoyKEgelPtvtBkhtqjXCGeyH0B1iEyNo= X-MS-TrafficTypeDiagnostic: DM5PR0701MB3637: X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 20:QR2BvyfuKzCSCN0GJy+G7/dybO2LrkrObXm/gRVQaJVJf/BmojYzbCDq1xknK3em6cj34QPEYFdL3epu7suhhanTS3JVeoyTSiNIbqa7d+LbOq+SrU0p4W9m4OSaOCy4jiqyTAVKpDsV8Nn9PxH8LYdsq+k9fLQ5/Tmt+ZWbDihtP1qCmtOEg9iUX3JkefmnpUOsk01nS41fUXWfSlGz2zg3n5nEyIv8dJzsNqbLUcBH9AgA46NX1yNkpv0CeU7YNjbB2IgE6OgPwAU3bGfrE+ePEI977GVaRHhsujIJwujivi7HVd31GQC5HVWQKIUasCXdtbbPydt1VkX/AidjD+5/HetFQPjRGfLVZ1bvjN3e5A1+R/P+4n3AdvmXMjnu0H6p4K9g4oYmkSGNyLvk5h2FMOSTtE29QNdBfZSpHx4ZG4PU5gN9pHvHt0saSs0r9g2x2MQSr+J0YuhXyZUJlAnKTkQlxfSGWMv26OofoCcN+95+1nAbIY5FYxC7eDVo1Wxo7GvksYMAyBtxhr1cRA3DzojHWmhOXPxWiBQS8GlJ6/MZbJJVfwAM1+amAKvU2jKibKohiuash5x1fBQ/HKOYr/qSaLz4c0IEUmhlAgk=; 4:SkV+xtWLgDJ2PfAOu4PbR3pET3UDRslr5qvEc2H/cSDZMbR60MJrQaMVHoCqhp4LA+jm9OLgWG9gzgKj8drK247B5uzB47Io7zIBsK9QtGlB5psjmkX5/vmzCUmaHnA2ZGn8imV8aPlrOmY9t0wyMBWT7gtn0x6oHLDy85tEdKmGqu2E+f73vmGf6CVgYOsUMIXtKsB8VwCf3ZTIAChNWlfi5UscIJxbQMQi1t2HTRRLjxqbu3AvkRYtDdk7Y3cP77BaOchIGxoh4gBJSeNBMw== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231311)(944501410)(52105095)(3002001)(10201501046)(93006095)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(20161123562045)(20161123560045)(6072148)(201708071742011)(7699016); SRVR:DM5PR0701MB3637; BCL:0; PCL:0; RULEID:; SRVR:DM5PR0701MB3637; X-Forefront-PRVS: 0731AA2DE6 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(136003)(396003)(366004)(39860400002)(376002)(346002)(189003)(199004)(25786009)(6116002)(3846002)(81166006)(2351001)(8936002)(81156014)(8676002)(7736002)(305945005)(53416004)(2906002)(105586002)(106356001)(97736004)(6916009)(6666003)(69596002)(6486002)(36756003)(53936002)(47776003)(6512007)(50226002)(66066001)(4326008)(72206003)(446003)(2616005)(316002)(956004)(54906003)(2361001)(478600001)(14444005)(26005)(107886003)(486006)(16526019)(50466002)(11346002)(76176011)(476003)(44832011)(386003)(52116002)(42882007)(186003)(51416003)(55236004)(6506007)(48376002)(68736007)(5660300001)(16586007); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR0701MB3637; H:hyd1sverma-dt.caveonetworks.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM5PR0701MB3637; 23:Wnj/vYbyGKerVd5Ot1iOceMsqiFdcZ6GhDMVRIC?= tuEJEtAU7+J6BhIogmaga5SDFPU+Zbeq6+sxfhUlmOwOA/ubZ3jV/tyiAj/2EOUgOb31ZPW5nkfao2oTVf3tRh2E5D5/74u6e51h6/rDrEovJ2jYibYs4fEQsymKuopHyjWwGU+Ky/1VARGbVgXfedI1k39OggaoE5UaMfngr5cTXc6g67aoYge30ZnxME4WCk3mOwiATNm1VWvUUPxnOlnbRHPHJ4xo9kz2xLkhbxBW4Qa2l/QiGpQwZ4ktqfJ4EkHyfWpPy9faZl7jR+GhhWwYFjYdps7/ujGmFzfumSQeadyOU+KNHKxejGrBIAHVNIHmn3XpegB3rkMeLPog5RUGWTWXQRE8MSBug8LeQiAOhg5GGP+FqnNrKnUr3JWU1iPHa1irbSHcaLz4XyUfeN6uMRtNMwYJi93eEzz9Y48JfMEuq0Kit2TlfEWqJs5nNS9aH+ZwrcWJmH+JQCDP/IfplN3WKf6R/IHDTgsWgocxPfFmLd8kwaXXxGZ53DrKi27EmEhLivJF89tojsmWHzFrw7L6z6Ht8zTmrX+FVyNnalTL4b5OfWYkqLAa9tbfDrOM5comEeQgfGk4tAhX2rPd2QpW++ZX6soIsbBrvSCfWSILQVbxw1uKp9RkkJ7IA2f6X7vNovLNzYgVAHQoFaNcLC8tX4JzDsQ1bz3wfHvyHEg6BJ0rG/S5eqbl39oPEpV1iFew38qB+w8NcP1EW09UyTgaR+9FnbsIAA9AnwP5M6QeMpVCcQDUPZ3hlE8OxuK2sTsm4rc4FzR/jX8Jui23F7sZoKFgMvPh9PAoeYKJjiCj5CE3UKrYbkxHE/n+JvBdy8u1VvlSaW3ddW2xy2pRmWvGT2G6jVEleAjXU+2HSHkyn0Z0YaTHRpHPD2OtiiJ5pjiCA+WfPt9dLueHNtAqlXlsRDxcrIsaRSj+m/DGUdGpHRiqe5y8QKEdRrgKQlG8LpiMvLsxhS56BY5GOgw0Fm9+8Hbtz3HJsSL6DR7hswTwDwNaVtgAPrJ7TMG/vMihPcDPoOkUUeSRc3OFeYhpuvVD7ixP31vM3ElS6kHnScvnUymvpRFDVJ+/xeKdZLRI2824cmXQZotcLctSaNvNvHAMEyIWujTj6nGwao1mXhIi1nn+aWraKhQxFkwHkC2GOBmmEdjeTSb4zxNzIT6fhhcOKh/dSPfHlPBddTrNBFkQF26akso9H6wpRLmY82BD5elTrsHBVVOiuAND21x/VLef7DcDVCOo0jKPXTLefIEV0D0gK2+sMAvZAy7ckND3TYXsXnXXYn4sn4LNhC/qHTw0ajstLL2Jc0D9lF34URRqT2GyEAZ2iazeKvzmkxjY= X-Microsoft-Antispam-Message-Info: V4LvfuIFSjfH33ww+THBziycNa2oGWB4Prywon8tbW3J9giyAzPQJdUqthroNdUX9YQ+P4LzIbmXpEpSr2LIafacHOV+7Ce90n43i6qmZ+V4n/JLYIy8FqXyMXCparYSnM8WhY6mlDPlZ5jqyXcfTNsbIzSShgQzNRe7QVzaN3whZcY+yRMwwqP12lhgPecgZewGFhK4jkBf+110zudXAR/NG3hFzOdZygZdMDNQeBEhmeiQgxereL4GKvFW/1TDRPQQY9QczGp+RYp0wK/BSqxS2LvDpNqfzQwZnRNaWXcM1MpP0uBDPG/6Us/c2rsfY3RofsHWjnxFZxKC8dN3464FRVudAnj4IFMaujKwvdA= X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 6:+pg8B2Qi6/7O6ooNGaD7q8AB2ZT4HVan9jaQMK1+DsxWMbmHybMh4iKTqnN2xNYn39VOOEIf/GiBfjojUDlJOhsA6PS4DZ8x5Z6aj0RlXizyf+eA/XtV4gzQ+tEwXfvdCwAtnkqXyUZLXaA2P+HdjGeTrqv9NJpZVW7zBkmJk3EQGtqWG6GwqKi5aYK8TY/+NmzkfFzCq5AIDrtEHKAI/fmda3KvgDnLSoDBlR4WaUZBjf4hugKFIZEpY+XZ2tAusjEY5nlEBOQZOS6EimEjXmGKGY8HW6QWBCCxUgPoN0cyniwpUQpyGkfmCAETaFRFnJ3KZLbae9/ZnKZKiPGbEQ/jla/4Jb0Qzy4fu+O0dCmLgFylxvnFcZl23DoBywAOtpOm3ytzFfBQIQOT66IAngsHG3D/KVEofW1hmS9j6GebcDZPlgsC79+B5jjw6aGGIKtwPG4w60gjY5MhjeZXVg==; 5:lQQqlj6aorX8NLl44hFvSEJ5cMMRwmb+n+ybmjPDpJuTL9kKW2iIJ7VArSAYL7gEXKHeUEfrG80jF0nwqQMQCPHSjFf20+txZrmCoZYV6o4l0XxdallN1+mndZJeNK/XKFsjpCXP0Ox7Z/wsOd0Df3HQyMM+wHzbm9qNUcDVobU=; 24:zkFXOtDwQL7f40YbTjWy7NItNQGW97ydd5l45cfG+i1ytLDsxsZkVj+gNM9fASMjWd4BJkKTv7kfn/tTx1ZXyObZY4ssYhZCdBlic4H7/Co= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 7:qPSqXIFFJcilgU0t2+MFCvCspJY8f7NuADcrMZDOvoB5wxouLNreH2CcJMqxVTwk5OSRsmrG9qLGlfXDLZxqHfzbogKPkgRzrTvrSZaRsA7oh6b42xTl2IsKdhfYmc/A5qnXzTb8MoeHyiWyHX1iyMKUcFW4ulxS26C+SBa1uckhwGyNgEyAwArcOTzYeG3vCmQpQvSLYN1dlfW/SK6N5L6kazPpBDVBNC5IMvkAMvjt/cH7ZrVmqs1L6Y+fYhga X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jul 2018 14:09:14.1425 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: cc61757a-4862-45c8-0790-08d5e8010d93 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0701MB3637 Subject: [dpdk-dev] [PATCH v4 1/3] crypto/openssl: add rsa and mod asym op X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Sunila Sahu - Add compat.h to make pmd compatible to openssl-1.1.0 and backward version - Add rsa sign/verify/encrypt/decrypt and modular operation support Signed-off-by: Sunila Sahu Signed-off-by: Shally Verma Signed-off-by: Ashish Gupta --- drivers/crypto/openssl/compat.h | 40 +++ drivers/crypto/openssl/rte_openssl_pmd.c | 229 ++++++++++++++- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 336 ++++++++++++++++++++++- drivers/crypto/openssl/rte_openssl_pmd_private.h | 19 ++ 4 files changed, 612 insertions(+), 12 deletions(-) diff --git a/drivers/crypto/openssl/compat.h b/drivers/crypto/openssl/compat.h new file mode 100644 index 0000000..8ece808 --- /dev/null +++ b/drivers/crypto/openssl/compat.h @@ -0,0 +1,40 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2018 Cavium Networks + */ + +#ifndef __RTA_COMPAT_H__ +#define __RTA_COMPAT_H__ + +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + +#define set_rsa_params(rsa, p, q, ret) \ + do {rsa->p = p; rsa->q = q; ret = 0; } while (0) + +#define set_rsa_crt_params(rsa, dmp1, dmq1, iqmp, ret) \ + do { \ + rsa->dmp1 = dmp1; \ + rsa->dmq1 = dmq1; \ + rsa->iqmp = iqmp; \ + ret = 0; \ + } while (0) + +#define set_rsa_keys(rsa, n, e, d, ret) \ + do { \ + rsa->n = n; rsa->e = e; rsa->d = d; ret = 0; \ + } while (0) + +#else + +#define set_rsa_params(rsa, p, q, ret) \ + (ret = !RSA_set0_factors(rsa, p, q)) + +#define set_rsa_crt_params(rsa, dmp1, dmq1, iqmp, ret) \ + (ret = !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) + +/* n, e must be non-null, d can be NULL */ +#define set_rsa_keys(rsa, n, e, d, ret) \ + (ret = !RSA_set0_key(rsa, n, e, d)) + +#endif /* version < 10100000 */ + +#endif /* __RTA_COMPAT_H__ */ diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 5228b92..e21a6a1 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -14,6 +14,7 @@ #include #include "rte_openssl_pmd_private.h" +#include "compat.h" #define DES_BLOCK_SIZE 8 @@ -727,19 +728,36 @@ openssl_reset_session(struct openssl_session *sess) } /** Provide session for operation */ -static struct openssl_session * +static void * get_session(struct openssl_qp *qp, struct rte_crypto_op *op) { struct openssl_session *sess = NULL; + struct openssl_asym_session *asym_sess = NULL; if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { - /* get existing session */ - if (likely(op->sym->session != NULL)) - sess = (struct openssl_session *) - get_sym_session_private_data( - op->sym->session, - cryptodev_driver_id); + if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { + /* get existing session */ + if (likely(op->sym->session != NULL)) + sess = (struct openssl_session *) + get_sym_session_private_data( + op->sym->session, + cryptodev_driver_id); + } else { + if (likely(op->asym->session != NULL)) + asym_sess = (struct openssl_asym_session *) + get_asym_session_private_data( + op->asym->session, + cryptodev_driver_id); + if (asym_sess == NULL) + op->status = + RTE_CRYPTO_OP_STATUS_INVALID_SESSION; + return asym_sess; + } } else { + /* sessionless asymmetric not supported */ + if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) + return NULL; + /* provide internal session */ void *_sess = NULL; void *_sess_private_data = NULL; @@ -1525,6 +1543,191 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, op->status = RTE_CRYPTO_OP_STATUS_ERROR; } +/* process modinv operation */ +static int process_openssl_modinv_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_asym_op *op = cop->asym; + BIGNUM *base = BN_CTX_get(sess->u.m.ctx); + BIGNUM *res = BN_CTX_get(sess->u.m.ctx); + + if (unlikely(base == NULL || res == NULL)) { + if (base) + BN_free(base); + if (res) + BN_free(res); + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + + base = BN_bin2bn((const unsigned char *)op->modinv.base.data, + op->modinv.base.length, base); + + if (BN_mod_inverse(res, base, sess->u.m.modulus, sess->u.m.ctx)) { + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data); + } else { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + } + + return 0; +} + +/* process modexp operation */ +static int process_openssl_modexp_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_asym_op *op = cop->asym; + BIGNUM *base = BN_CTX_get(sess->u.e.ctx); + BIGNUM *res = BN_CTX_get(sess->u.e.ctx); + + if (unlikely(base == NULL || res == NULL)) { + if (base) + BN_free(base); + if (res) + BN_free(res); + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + + base = BN_bin2bn((const unsigned char *)op->modinv.base.data, + op->modinv.base.length, base); + + if (BN_mod_exp(res, base, sess->u.e.exp, + sess->u.e.mod, sess->u.e.ctx)) { + op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data); + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } else { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + } + + return 0; +} + +/* process rsa operations */ +static int process_openssl_rsa_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + int ret = 0; + struct rte_crypto_asym_op *op = cop->asym; + RSA *rsa = sess->u.r.rsa; + uint32_t pad = (op->rsa.pad); + + switch (pad) { + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0: + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1: + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2: + pad = RSA_PKCS1_PADDING; + break; + case RTE_CRYPTO_RSA_PADDING_NONE: + pad = RSA_NO_PADDING; + break; + default: + cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + OPENSSL_LOG(ERR, + "rsa pad type not supported %d\n", pad); + return 0; + } + + switch (op->rsa.op_type) { + case RTE_CRYPTO_ASYM_OP_ENCRYPT: + ret = RSA_public_encrypt(op->rsa.message.length, + op->rsa.message.data, + op->rsa.message.data, + rsa, + pad); + + if (ret > 0) + op->rsa.message.length = ret; + OPENSSL_LOG(DEBUG, + "length of encrypted text %d\n", ret); + break; + + case RTE_CRYPTO_ASYM_OP_DECRYPT: + ret = RSA_private_decrypt(op->rsa.message.length, + op->rsa.message.data, + op->rsa.message.data, + rsa, + pad); + if (ret > 0) + op->rsa.message.length = ret; + break; + + case RTE_CRYPTO_ASYM_OP_SIGN: + ret = RSA_private_encrypt(op->rsa.message.length, + op->rsa.message.data, + op->rsa.sign.data, + rsa, + pad); + if (ret > 0) + op->rsa.sign.length = ret; + break; + + case RTE_CRYPTO_ASYM_OP_VERIFY: + ret = RSA_public_decrypt(op->rsa.sign.length, + op->rsa.sign.data, + op->rsa.sign.data, + rsa, + pad); + + OPENSSL_LOG(DEBUG, + "Length of public_decrypt %d " + "length of message %zd\n", + ret, op->rsa.message.length); + + if (memcmp(op->rsa.sign.data, op->rsa.message.data, + op->rsa.message.length)) { + OPENSSL_LOG(ERR, + "RSA sign Verification failed"); + return -1; + } + default: + /* allow ops with invalid args to be pushed to + * completion queue + */ + cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + break; + } + + if (ret < 0) + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + + return 0; +} + +static int +process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op, + struct openssl_asym_session *sess) +{ + int retval = 0; + + op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + + switch (sess->xfrm_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + retval = process_openssl_rsa_op(op, sess); + break; + case RTE_CRYPTO_ASYM_XFORM_MODEX: + retval = process_openssl_modexp_op(op, sess); + break; + case RTE_CRYPTO_ASYM_XFORM_MODINV: + retval = process_openssl_modinv_op(op, sess); + break; + default: + op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + break; + } + if (!retval) { + /* op processed so push to completion queue as processed */ + retval = rte_ring_enqueue(qp->processed_ops, (void *)op); + if (retval) + /* return error if failed to put in completion queue */ + retval = -1; + } + + return retval; +} + /** Process crypto operation for mbuf */ static int process_op(struct openssl_qp *qp, struct rte_crypto_op *op, @@ -1597,7 +1800,7 @@ static uint16_t openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops, uint16_t nb_ops) { - struct openssl_session *sess; + void *sess; struct openssl_qp *qp = queue_pair; int i, retval; @@ -1606,7 +1809,12 @@ openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops, if (unlikely(sess == NULL)) goto enqueue_err; - retval = process_op(qp, ops[i], sess); + if (ops[i]->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) + retval = process_op(qp, ops[i], + (struct openssl_session *) sess); + else + retval = process_asym_op(qp, ops[i], + (struct openssl_asym_session *) sess); if (unlikely(retval < 0)) goto enqueue_err; } @@ -1661,7 +1869,8 @@ cryptodev_openssl_create(const char *name, RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | RTE_CRYPTODEV_FF_CPU_AESNI | RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | - RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT; + RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | + RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO; /* Set vector instructions mode supported */ internals = dev->data->dev_private; diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 5335685..a23a9e2 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -9,6 +9,7 @@ #include #include "rte_openssl_pmd_private.h" +#include "compat.h" static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { @@ -469,6 +470,63 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* RSA */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, + .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | + (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | + (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | + (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), + { + .modlen = { + /* min length is based on openssl rsa keygen */ + .min = 30, + /* value 0 symbolizes no limit on max length */ + .max = 0, + .increment = 1 + }, } + } + }, + } + }, + { /* modexp */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, + .op_types = 0, + { + .modlen = { + /* value 0 symbolizes no limit on min length */ + .min = 0, + /* value 0 symbolizes no limit on max length */ + .max = 0, + .increment = 1 + }, } + } + }, + } + }, + { /* modinv */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, + .op_types = 0, + { + .modlen = { + /* value 0 symbolizes no limit on min length */ + .min = 0, + /* value 0 symbolizes no limit on max length */ + .max = 0, + .increment = 1 + }, } + } + }, + } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; @@ -655,13 +713,20 @@ openssl_pmd_qp_count(struct rte_cryptodev *dev) return dev->data->nb_queue_pairs; } -/** Returns the size of the session structure */ +/** Returns the size of the symmetric session structure */ static unsigned openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) { return sizeof(struct openssl_session); } +/** Returns the size of the asymmetric session structure */ +static unsigned +openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused) +{ + return sizeof(struct openssl_asym_session); +} + /** Configure the session from a crypto xform chain */ static int openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused, @@ -698,6 +763,226 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused, return 0; } +static int openssl_set_asym_session_parameters( + struct openssl_asym_session *asym_session, + struct rte_crypto_asym_xform *xform) +{ + int ret = 0; + + if (xform->next != NULL) { + OPENSSL_LOG(ERR, "chained xfrms are not supported on %s", + rte_crypto_asym_xform_strings[xform->xform_type]); + return -1; + } + + switch (xform->xform_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + { + BIGNUM *n = NULL; + BIGNUM *e = NULL; + BIGNUM *d = NULL; + BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL; + BIGNUM *iqmp = NULL, *dmq1 = NULL; + + /* copy xfrm data into rsa struct */ + n = BN_bin2bn((const unsigned char *)xform->rsa.n.data, + xform->rsa.n.length, n); + e = BN_bin2bn((const unsigned char *)xform->rsa.e.data, + xform->rsa.e.length, e); + + if (!n || !e) + goto err_rsa; + + RSA *rsa = RSA_new(); + if (rsa == NULL) + goto err_rsa; + + if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { + d = BN_bin2bn( + (const unsigned char *)xform->rsa.d.data, + xform->rsa.d.length, + d); + if (!d) { + RSA_free(rsa); + goto err_rsa; + } + } else { + p = BN_bin2bn((const unsigned char *) + xform->rsa.qt.p.data, + xform->rsa.qt.p.length, + p); + q = BN_bin2bn((const unsigned char *) + xform->rsa.qt.q.data, + xform->rsa.qt.q.length, + q); + dmp1 = BN_bin2bn((const unsigned char *) + xform->rsa.qt.dP.data, + xform->rsa.qt.dP.length, + dmp1); + dmq1 = BN_bin2bn((const unsigned char *) + xform->rsa.qt.dQ.data, + xform->rsa.qt.dQ.length, + dmq1); + iqmp = BN_bin2bn((const unsigned char *) + xform->rsa.qt.qInv.data, + xform->rsa.qt.qInv.length, + iqmp); + + if (!p || !q || !dmp1 || !dmq1 || !iqmp) { + RSA_free(rsa); + goto err_rsa; + } + set_rsa_params(rsa, p, q, ret); + if (ret) { + OPENSSL_LOG(ERR, + "failed to set rsa params\n"); + RSA_free(rsa); + goto err_rsa; + } + set_rsa_crt_params(rsa, dmp1, dmq1, iqmp, ret); + if (ret) { + OPENSSL_LOG(ERR, + "failed to set crt params\n"); + RSA_free(rsa); + /* + * set already populated params to NULL + * as its freed by call to RSA_free + */ + p = q = NULL; + goto err_rsa; + } + } + + set_rsa_keys(rsa, n, e, d, ret); + if (ret) { + OPENSSL_LOG(ERR, "Failed to load rsa keys\n"); + RSA_free(rsa); + return -1; + } + asym_session->u.r.rsa = rsa; + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; + break; +err_rsa: + if (n) + BN_free(n); + if (e) + BN_free(e); + if (d) + BN_free(d); + if (p) + BN_free(p); + if (q) + BN_free(q); + if (dmp1) + BN_free(dmp1); + if (dmq1) + BN_free(dmq1); + if (iqmp) + BN_free(iqmp); + + return -1; + } + case RTE_CRYPTO_ASYM_XFORM_MODEX: + { + struct rte_crypto_modex_xform *xfrm = &(xform->modex); + + BN_CTX *ctx = BN_CTX_new(); + if (ctx == NULL) { + OPENSSL_LOG(ERR, + " failed to allocate resources\n"); + return -1; + } + BN_CTX_start(ctx); + BIGNUM *mod = BN_CTX_get(ctx); + BIGNUM *exp = BN_CTX_get(ctx); + if (mod == NULL || exp == NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return -1; + } + + mod = BN_bin2bn((const unsigned char *) + xfrm->modulus.data, + xfrm->modulus.length, mod); + exp = BN_bin2bn((const unsigned char *) + xfrm->exponent.data, + xfrm->exponent.length, exp); + asym_session->u.e.ctx = ctx; + asym_session->u.e.mod = mod; + asym_session->u.e.exp = exp; + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX; + break; + } + case RTE_CRYPTO_ASYM_XFORM_MODINV: + { + struct rte_crypto_modinv_xform *xfrm = &(xform->modinv); + + BN_CTX *ctx = BN_CTX_new(); + if (ctx == NULL) { + OPENSSL_LOG(ERR, + " failed to allocate resources\n"); + return -1; + } + BN_CTX_start(ctx); + BIGNUM *mod = BN_CTX_get(ctx); + if (mod == NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return -1; + } + + mod = BN_bin2bn((const unsigned char *) + xfrm->modulus.data, + xfrm->modulus.length, + mod); + asym_session->u.m.ctx = ctx; + asym_session->u.m.modulus = mod; + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV; + break; + } + default: + return -1; + } + + return 0; +} + +/** Configure the session from a crypto xform chain */ +static int +openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused, + struct rte_crypto_asym_xform *xform, + struct rte_cryptodev_asym_session *sess, + struct rte_mempool *mempool) +{ + void *asym_sess_private_data; + int ret; + + if (unlikely(sess == NULL)) { + OPENSSL_LOG(ERR, "invalid asymmetric session struct"); + return -EINVAL; + } + + if (rte_mempool_get(mempool, &asym_sess_private_data)) { + CDEV_LOG_ERR( + "Couldn't get object from session mempool"); + return -ENOMEM; + } + + ret = openssl_set_asym_session_parameters(asym_sess_private_data, + xform); + if (ret != 0) { + OPENSSL_LOG(ERR, "failed configure session parameters"); + + /* Return session to mempool */ + rte_mempool_put(mempool, asym_sess_private_data); + return ret; + } + + set_asym_session_private_data(sess, dev->driver_id, + asym_sess_private_data); + + return 0; +} /** Clear the memory of session so it doesn't leave key material behind */ static void @@ -717,6 +1002,50 @@ openssl_pmd_sym_session_clear(struct rte_cryptodev *dev, } } +static void openssl_reset_asym_session(struct openssl_asym_session *sess) +{ + switch (sess->xfrm_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + if (sess->u.r.rsa) + RSA_free(sess->u.r.rsa); + break; + case RTE_CRYPTO_ASYM_XFORM_MODEX: + if (sess->u.e.ctx) { + BN_CTX_end(sess->u.e.ctx); + BN_CTX_free(sess->u.e.ctx); + } + break; + case RTE_CRYPTO_ASYM_XFORM_MODINV: + if (sess->u.m.ctx) { + BN_CTX_end(sess->u.m.ctx); + BN_CTX_free(sess->u.m.ctx); + } + break; + default: + break; + } +} + +/** Clear the memory of asymmetric session + * so it doesn't leave key material behind + */ +static void +openssl_pmd_asym_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_asym_session *sess) +{ + uint8_t index = dev->driver_id; + void *sess_priv = get_asym_session_private_data(sess, index); + + /* Zero out the whole structure */ + if (sess_priv) { + openssl_reset_asym_session(sess_priv); + memset(sess_priv, 0, sizeof(struct openssl_asym_session)); + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + set_asym_session_private_data(sess, index, NULL); + rte_mempool_put(sess_mp, sess_priv); + } +} + struct rte_cryptodev_ops openssl_pmd_ops = { .dev_configure = openssl_pmd_config, .dev_start = openssl_pmd_start, @@ -733,8 +1062,11 @@ struct rte_cryptodev_ops openssl_pmd_ops = { .queue_pair_count = openssl_pmd_qp_count, .sym_session_get_size = openssl_pmd_sym_session_get_size, + .asym_session_get_size = openssl_pmd_asym_session_get_size, .sym_session_configure = openssl_pmd_sym_session_configure, - .sym_session_clear = openssl_pmd_sym_session_clear + .asym_session_configure = openssl_pmd_asym_session_configure, + .sym_session_clear = openssl_pmd_sym_session_clear, + .asym_session_clear = openssl_pmd_asym_session_clear }; struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops; diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h index 29fcb76..0ebe596 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_private.h +++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h @@ -8,6 +8,7 @@ #include #include #include +#include #define CRYPTODEV_NAME_OPENSSL_PMD crypto_openssl /**< Open SSL Crypto PMD device name */ @@ -142,6 +143,24 @@ struct openssl_session { } __rte_cache_aligned; +/** OPENSSL crypto private asymmetric session structure */ +struct openssl_asym_session { + enum rte_crypto_asym_xform_type xfrm_type; + union { + struct rsa { + RSA *rsa; + } r; + struct exp { + BIGNUM *exp; + BIGNUM *mod; + BN_CTX *ctx; + } e; + struct mod { + BIGNUM *modulus; + BN_CTX *ctx; + } m; + } u; +} __rte_cache_aligned; /** Set and validate OPENSSL crypto session parameters */ extern int openssl_set_session_parameters(struct openssl_session *sess, From patchwork Thu Jul 12 14:08:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shally Verma X-Patchwork-Id: 42980 X-Patchwork-Delegate: pablo.de.lara.guarch@intel.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 17CA81B476; Thu, 12 Jul 2018 16:09:23 +0200 (CEST) Received: from NAM05-DM3-obe.outbound.protection.outlook.com (mail-eopbgr730080.outbound.protection.outlook.com [40.107.73.80]) by dpdk.org (Postfix) with ESMTP id 60DBF1B473 for ; Thu, 12 Jul 2018 16:09:21 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Bl1Soe1GhvTYs1ugf4zJ2eTAmNWd5PzFg4+RJfFZ/pg=; b=eDPN/Wa11Y6v4EFH4YIlO0CX7ZnmdoHKM/0DqS6YwRyKo928B2kftqB6Sv/5Q7Qs4cSR3xDnRVJlRXH7wE5ypU8OgiO5+gsFB2Wa/Oj+W05ToCw/UWnwtglMRXtoYiWToMclurmF7LQXyowzuczCrHeqo6cZSSnGWmLf6fsgUpI= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Shally.Verma@cavium.com; Received: from hyd1sverma-dt.caveonetworks.com (115.113.156.2) by DM5PR0701MB3637.namprd07.prod.outlook.com (2603:10b6:4:7d::38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.952.18; Thu, 12 Jul 2018 14:09:17 +0000 From: Shally Verma To: pablo.de.lara.guarch@intel.com Cc: dev@dpdk.org, pathreya@caviumnetworks.com, nmurthy@caviumnetworks.com, Sunila Sahu , Ashish Gupta Date: Thu, 12 Jul 2018 19:38:45 +0530 Message-Id: <1531404526-17984-3-git-send-email-shally.verma@caviumnetworks.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1531404526-17984-1-git-send-email-shally.verma@caviumnetworks.com> References: <1531404526-17984-1-git-send-email-shally.verma@caviumnetworks.com> MIME-Version: 1.0 X-Originating-IP: [115.113.156.2] X-ClientProxiedBy: MAXPR0101CA0029.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a00:d::15) To DM5PR0701MB3637.namprd07.prod.outlook.com (2603:10b6:4:7d::38) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 94c11a21-e489-4f5a-1bc7-08d5e8010f4c X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(5600053)(711020)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(8990107)(2017052603328)(7153060)(7193020); SRVR:DM5PR0701MB3637; X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 3:QgKyArRyvpgQ8OFKHxwoc2DMBBZLZX9PILZXhVcPXdRBHtsydaXPf0+s8Y4VVOw5fnVp0f6VXSuVnMpphi66rOvAgPVT7eM61DBZKybG9TuKVTlNUB07Nl+IthwkxRNiYe5SCcTGxzKp2dy1xXqRbJaNDeyFJrPfGB0mKyy0w5opB5Ygch2b1i8GFjJ++mkniXeFfV4nmxyTuIf78WOgTlyNmfRcdDfqLmDDY3M0CkPPDpWpb62a6vBgMGSpRIHY; 25:aazSJmE0WUa7tO4ozmmFhDB3pIBPyYAxa8Rw4M6DtO8mbD6llRvCCur+Xx3yn+mWkzAK/dxa8GfN80l7c5ruWbCuhqLrPUY3gct16P9zl+QbhnfdGwQisruFjRaxsWXpDB1KZm0jLn6T2y7LgZunxSxaYtiyHANsyAZ4HzgBgV8Y6HIcIAFzpTfuZ8Eoms9+Aa4g1JZyxnioTf7BUt3O6h38vvohaYdV5jgXCom/477twhmkFAr+dfASuTyQm0yVWIStB+4v7tEJvxC2xOBfPJym90c7DSeNhYeUWMqc8i7RpTMzMZBcX8v4Nb8SHDw/1j0O+DZpjq5GBf6iXo4aug==; 31:bCug3qlX1aKhovfPFrB3TMlHLlJIY7JK1guNhT+oUw6yC1lbJsAvQ5oCjBU4uV+6nAA7vM80ndHKqPjk8eCw8fbn7vDGoKOsEjaQd9aJ5Jms8i7pcYXWjfsQKamCur5KbDiHppR8uHtMEsf3T1x3SpwDF7SCQaDqcmQybvcN4C0DZ4zhGEkSe1UeBKzcAir+p905fKB9rKZJgnuiZYkX5r9kscy5AsxeUsprkmWFv8k= X-MS-TrafficTypeDiagnostic: DM5PR0701MB3637: X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 20:3s/MQpcg6I6lbJAasrpABA8XgCnS1TWj6A1dy9bDeb5u6iv0NFk/PCOO0QxvfXAYooM/jSBe7I8xZegoMUxsucM8AaGF3sYnoE6ow1U8Pmshk7ysL/6gMg7Jdikz6WguQgTaRWM6+k4AQHWI321ozIVFdbwwrBt0D1YltJ3TopB8AnEYczoJnhoPxRPbT0bMrNNkQdegKbhGVok2NcE57gRrnQoBBfuIzEXRr+Pky+xK2wWn/rSv8f+8v0SMdyUrl8DAmRNCz8njTghGW9HyKuQQQIgOqQzku1WF4tl1Pl5YvSsRaS9Ii2ENuq4nilUg5SXWilDcWwyyH6JhInYq9tWWGWHEVVkmLaXbGrJjwVE7UsNCyxA8mZTC1YU0K2TPUBhwkJH326dK5747rXYAEUi+oR5DnO1FAEOmw+BSZzGFnOY1PCRBboaHEH+xW+TlC6I42fuwgGbIMMPMMlA00wqCeK9qLTSUhyhV+B31LpwskrYYPrvHa5xrOAH3ilEt9i18FeiAOUYhZmXGmL/Hf/ljZv8W62FMzfglXwVecUeWICe2DU7XnxwmwTVWEQl9d5dr51yORk79HtJLm8IL1OfgzNjFjCqdgBRxHpp+Db4=; 4:hJ+qQ1X7rYYGdeki5vlTeEEUEM8SWpzJMaWlyuYEs0xq6SOjNlChoPIM49h9RhY4h3iNNV3UXUc9iKg5YfYOk0IDKDib6vvlErIdFg6fU2/Do2EqleSJuudY4Q2jjCFim6CJsD1wwfDPUmjQB6n4aOzegF3By7sL0q+rGVOouhdDdRk6gifn1sJeQLVSoS2ryHYAbcJ8zo07hcHM+ZdxtfllwqJZDCqkSTngwNPFyx8DK45tWmEJgOI50TR3tkUU037pFuv6x5yJPmexXsBxew== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231311)(944501410)(52105095)(3002001)(10201501046)(93006095)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(20161123562045)(20161123560045)(6072148)(201708071742011)(7699016); SRVR:DM5PR0701MB3637; BCL:0; PCL:0; RULEID:; SRVR:DM5PR0701MB3637; X-Forefront-PRVS: 0731AA2DE6 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(136003)(396003)(366004)(39860400002)(376002)(346002)(189003)(199004)(25786009)(6116002)(3846002)(81166006)(2351001)(8936002)(81156014)(8676002)(7736002)(305945005)(53416004)(2906002)(105586002)(106356001)(97736004)(6916009)(6666003)(69596002)(6486002)(36756003)(53936002)(47776003)(6512007)(50226002)(66066001)(4326008)(72206003)(446003)(2616005)(316002)(956004)(54906003)(2361001)(478600001)(14444005)(26005)(107886003)(486006)(16526019)(50466002)(11346002)(76176011)(476003)(44832011)(386003)(52116002)(42882007)(186003)(51416003)(55236004)(6506007)(48376002)(68736007)(5660300001)(16586007); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR0701MB3637; H:hyd1sverma-dt.caveonetworks.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM5PR0701MB3637; 23:MvXiSF4GEwngC5VEM8bHf2fkDNsEi5iZnd/5n+5?= FDakR629XhY9qPRWrye/hvkihDoHMgUeBZ22tDg/6igAjvEaLjMrLNEHBCnZtJgl2ENwSdspUe5RkUThUHPWi69L+Kv+QWpnWc1OfI2z2hReE6L9i0NZWswnYTFEcx8JH5DwdDQTcE7StRookmHF2N7OzLVxEYgHpWcFi/EpCSFr94FVLOOMnFwNihD/ZT8dKD6hklszGRKeWhaD0rIbopK0Apdo6c4j/fmQtDVyrtKXZlBb4dv+wTLuBOCcHBOdPMzkm5ynJchRC9AppJ4wdWjL52/x9o6sq7jDdEUnz9YWNinRIiLysdy11DtrT8cC0g9fPLGyMsu1Gpm6oqFLSIRcqT+KewKCJU2g8vr4UFqI8tqOJ2B1rN+THgVPbiuaNguYTug0j64KCU52F/NqJ61ZB35M0RoKWbOeaWD6vdxFURzBvtUCPveZW+zBKy5P16pat8X/3ZeAyGh136JSZdsoPokuRn6m+egDU0zeg8JsA90+bWMu8DjGe+G4wEZnu0jED58L6UFuLU5+fZD9GP9Uxs6JzNZPo6cfa/XYhybK6/dGb0xrpZkx7HAzeFwNj9rDywhMJh6db4OuWZYqIMH4auK3+x6bBuVgWjReXqcCbyo/O2FQw1a7/DkkY4Fa5iIXL2Pk6LFgjSxxpao1+5xefzGsKMSj1YcO8FPon6aw8wHq+q8jLkA8LdCXUtSB+pbH18z0+jQrXVYFfip/LFOwFJmyq9pfobBHz+wQjd8t6NmUxmIkepJl862COEEsYSU8HSKDo6V1sYnu3IOyNZq8QsKIPzMwv1DOWYy6ypweFRuRXz2rLGF5C6CgY6Al0yWsHOOlr3AGZgcRVjcQLsP/Z9Znfsa+DPgTrZ29IKR2O+aqSBUOsSO6O9f/rZcEWnIQPXri5Zjec0TZbCWkx8E5TuWUfYGfEXfd7CftKgyNSgV4hwLltMM5xvB0YQBV2XUFMhN8zqaB8b+uQi5DjHnFNq0TKMOw4RwC2w96NwVNVjA2LmSKb2ebleWIHWFEnIZiu0A4lsm++LEk2TGSQBrLHcrzSypYfr5m7ukjYt+/OdJDOAL+lQHJhJyHeadmZgvQHr6EkPvIvrlnF5oWZvzM1CP0UxfpH3BNcEOQ7LQ+VNIoeCEUlPQ7pC4XBWCVdzRko4c/20LVHzFxezFUh5qrczkbf1+QThkrY2/n1ALPVe/Ize+v7FEvdjjqSpoobyTxskUH+28ARsR6FFyrXSbh3jMEQwQWHlSU63ewqNNTzwPXvOmQbkmR3SDQLGindEK2YsXfhRWvcWBcTaHXpA5VK4gJ0Trd5cHgKL+2X3PJp6KoYO2Hjflh402RbjRfyz1M= X-Microsoft-Antispam-Message-Info: ePpbm/8XBd8eDL6nYKOqjaXTHeKqDAaJeYVc+BJpfe8qyf78hKRGadC0nqgyakY3ETv6QZ5aOCsKYM8uw3MvkBsMqENkJi8t0k6UlMAkR+cXzlwy5rRIWobQC/fgIsHzR0EO28ZNSBXib0jtQM1meZlB/PnAP4Pkl18vTdAvXMP+esnx9Nxh+dvgdlnUwh6Tsu7Qy/bOyVFKCPt99iVcnW3Z680A6zmmwMs48gKem9gIYTLuMEPfX5cSI5wsb3yC5zdrC1o47v9lolyhDdJy1l3BBAJxE1g4r5H0RM60+lwzUjeO+gQoW1mJ0+NlBn5BVNkBCySsxCg9N+raSPrJNfkKexB6O+kA09qGJvoBYqs= X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 6:Lwr8PqRLye3iOIsNw+s5/fsJrsJF0xwyfeCpYq9lvsgEcNm96QLO4THh1HibxZDEZFbSPKfIlklIqHc4SlBZOpkwV4mMtemgCJ88mHDcLoEXp/14HOpibw7so1vFsg/FvISrD2dDEYHYzUQNTGSOPourzikBB8SMVQp41Xd8NlU3f7MCRyGOOJ4whjZphqg7BeiJUFmtYQknmffc/VdbJNJ2XHrJdWVqyYmIxG4pEGpx5t57THpnQOtu9vk+LgWEPVp75VfFIGzufCg9MU5zsY0UFYOBFUYiv8AMCOFljpfFc11C6AA0txllZgnFw7ErIOMj1IPjs3KyJfIwUCqvhSmekbNXfok/0F8BvIuq6Rac5XjDZ02/EURckjnqXMKEuTiwQ+9h7+FaZVyzVQBzLosxY8HXdoyPsvz2y/sp3wsM16fyus9NrDEgRpfzb6TMtEXpvJ2tp3j94Ok1FUBM7w==; 5:I81opxnmdKmKxSBX/BM+UGgkMIxq8KdtGCxrhRXftJwFQWFdXxPyWdnvm8dMxEVGFHKQAkD4JH+tmnVMvuE6p2ryOeMedfQ35sX/PUMtkdQ2k/dESIp//EZE1YZ4PBn4zNVQLVa5Rqkakq6IlU39FZxwjAHD8jdItpC2ECzM/KY=; 24:ECnXN0OMQ6326RoIDw/0MYumlRVD2asyIfOsVvsmFL59Ikyg981DmcF7Y/vHwLzBPKTWyTo5v7gkV0NI42gzMjSUuRDcEzR5AKWoFxmYF+c= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 7:ykFKXUTgA92krQMYfKXPd7d3As7GKFkx7kiDK4tFQ+Juw+lX6I9BMh/tgnzcwsdo6l8Zd1WHa1z/J0nGJbEaWSOXrqY49FmnUBxUuYv9WTOVnjkJD1EP/aD0WbUYqlpEtKnZ+7u/gNgCQVct7VXMB/uhR5Bh4NQjJGK8tRHmqUKF3/hjNlwpIdY45KNANMtK0vNqc5Bsoxl6l4BQ0GbbmeqVgqIUSOWHKbfnAJW9R/nsyiYW7HSUF2TTYROhK5W8 X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jul 2018 14:09:17.0487 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 94c11a21-e489-4f5a-1bc7-08d5e8010f4c X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0701MB3637 Subject: [dpdk-dev] [PATCH v4 2/3] crypto/openssl: add dh and dsa asym op X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Sunila Sahu - Add dh key generation and shared compute - Add dsa sign and verify operation Signed-off-by: Sunila Sahu Signed-off-by: Shally Verma Signed-off-by: Ashish Gupta --- drivers/crypto/openssl/compat.h | 68 +++++++ drivers/crypto/openssl/rte_openssl_pmd.c | 237 +++++++++++++++++++++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 194 ++++++++++++++++++- drivers/crypto/openssl/rte_openssl_pmd_private.h | 9 + 4 files changed, 507 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/openssl/compat.h b/drivers/crypto/openssl/compat.h index 8ece808..45f9a33 100644 --- a/drivers/crypto/openssl/compat.h +++ b/drivers/crypto/openssl/compat.h @@ -23,6 +23,41 @@ rsa->n = n; rsa->e = e; rsa->d = d; ret = 0; \ } while (0) +#define set_dh_params(dh, p, g, ret) \ + do { \ + dh->p = p; \ + dh->q = NULL; \ + dh->g = g; \ + ret = 0; \ + } while (0) + +#define set_dh_priv_key(dh, priv_key, ret) \ + do { dh->priv_key = priv_key; ret = 0; } while (0) + +#define set_dsa_params(dsa, p, q, g, ret) \ + do { dsa->p = p; dsa->q = q; dsa->g = g; ret = 0; } while (0) + +#define get_dh_pub_key(dh, pub_key) \ + (pub_key = dh->pub_key) + +#define get_dh_priv_key(dh, priv_key) \ + (priv_key = dh->priv_key) + +#define set_dsa_sign(sign, r, s) \ + do { sign->r = r; sign->s = s; } while (0) + +#define get_dsa_sign(sign, r, s) \ + do { r = sign->r; s = sign->s; } while (0) + +#define set_dsa_keys(dsa, pub, priv, ret) \ + do { dsa->pub_key = pub; dsa->priv_key = priv; ret = 0; } while (0) + +#define set_dsa_pub_key(dsa, pub_key) \ + (dsa->pub_key = pub_key) + +#define get_dsa_priv_key(dsa, priv_key) \ + (priv_key = dsa->priv_key) + #else #define set_rsa_params(rsa, p, q, ret) \ @@ -35,6 +70,39 @@ #define set_rsa_keys(rsa, n, e, d, ret) \ (ret = !RSA_set0_key(rsa, n, e, d)) +#define set_dh_params(dh, p, g, ret) \ + (ret = !DH_set0_pqg(dh, p, NULL, g)) + +#define set_dh_priv_key(dh, priv_key, ret) \ + (ret = !DH_set0_key(dh, NULL, priv_key)) + +#define get_dh_pub_key(dh, pub_key) \ + (DH_get0_key(dh_key, &pub_key, NULL)) + +#define get_dh_priv_key(dh, priv_key) \ + (DH_get0_key(dh_key, NULL, &priv_key)) + +#define set_dsa_params(dsa, p, q, g, ret) \ + (ret = !DSA_set0_pqg(dsa, p, q, g)) + +#define set_dsa_priv_key(dsa, priv_key) \ + (DSA_set0_key(dsa, NULL, priv_key)) + +#define set_dsa_sign(sign, r, s) \ + (DSA_SIG_set0(sign, r, s)) + +#define get_dsa_sign(sign, r, s) \ + (DSA_SIG_get0(sign, &r, &s)) + +#define set_dsa_keys(dsa, pub, priv, ret) \ + (ret = !DSA_set0_key(dsa, pub, priv)) + +#define set_dsa_pub_key(dsa, pub_key) \ + (DSA_set0_key(dsa, pub_key, NULL)) + +#define get_dsa_priv_key(dsa, priv_key) \ + (DSA_get0_key(dsa, NULL, &priv_key)) + #endif /* version < 10100000 */ #endif /* __RTA_COMPAT_H__ */ diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index e21a6a1..3314802 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1543,6 +1543,230 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, op->status = RTE_CRYPTO_OP_STATUS_ERROR; } +/* process dsa sign operation */ +static int +process_openssl_dsa_sign_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_dsa_op_param *op = &cop->asym->dsa; + DSA *dsa = sess->u.s.dsa; + DSA_SIG *sign = NULL; + + sign = DSA_do_sign(op->message.data, + op->message.length, + dsa); + + if (sign == NULL) { + OPENSSL_LOG(ERR, "%s:%d\n", __func__, __LINE__); + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + } else { + const BIGNUM *r = NULL, *s = NULL; + get_dsa_sign(sign, r, s); + + op->r.length = BN_bn2bin(r, op->r.data); + op->s.length = BN_bn2bin(s, op->s.data); + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } + + DSA_SIG_free(sign); + + return 0; +} + +/* process dsa verify operation */ +static int +process_openssl_dsa_verify_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_dsa_op_param *op = &cop->asym->dsa; + DSA *dsa = sess->u.s.dsa; + int ret; + DSA_SIG *sign = DSA_SIG_new(); + BIGNUM *r = NULL, *s = NULL; + BIGNUM *pub_key = NULL; + + if (sign == NULL) { + OPENSSL_LOG(ERR, " %s:%d\n", __func__, __LINE__); + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + + r = BN_bin2bn(op->r.data, + op->r.length, + r); + s = BN_bin2bn(op->s.data, + op->s.length, + s); + pub_key = BN_bin2bn(op->y.data, + op->y.length, + pub_key); + if (!r || !s || !pub_key) { + if (r) + BN_free(r); + if (s) + BN_free(s); + if (pub_key) + BN_free(pub_key); + + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + set_dsa_sign(sign, r, s); + set_dsa_pub_key(dsa, pub_key); + + ret = DSA_do_verify(op->message.data, + op->message.length, + sign, + dsa); + + if (ret != 1) + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + else + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + + DSA_SIG_free(sign); + + return 0; +} + +/* process dh operation */ +static int +process_openssl_dh_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_dh_op_param *op = &cop->asym->dh; + DH *dh_key = sess->u.dh.dh_key; + BIGNUM *priv_key = NULL; + int ret = 0; + + if (sess->u.dh.key_op & + (1 << RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE)) { + /* compute shared secret using peer public key + * and current private key + * shared secret = peer_key ^ priv_key mod p + */ + BIGNUM *peer_key = NULL; + + /* copy private key and peer key and compute shared secret */ + peer_key = BN_bin2bn(op->pub_key.data, + op->pub_key.length, + peer_key); + if (peer_key == NULL) { + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + priv_key = BN_bin2bn(op->priv_key.data, + op->priv_key.length, + priv_key); + if (priv_key == NULL) { + BN_free(peer_key); + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + set_dh_priv_key(dh_key, priv_key, ret); + if (ret) { + OPENSSL_LOG(ERR, "Failed to set private key\n"); + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + BN_free(peer_key); + BN_free(priv_key); + return 0; + } + + ret = DH_compute_key( + op->shared_secret.data, + peer_key, dh_key); + if (ret < 0) { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + BN_free(peer_key); + /* priv key is already loaded into dh, + * let's not free that directly here. + * DH_free() will auto free it later. + */ + return 0; + } + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + op->shared_secret.length = ret; + BN_free(peer_key); + return 0; + } + + /* + * other options are public and private key generations. + * + * if user provides private key, + * then first set DH with user provided private key + */ + if ((sess->u.dh.key_op & + (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) && + !(sess->u.dh.key_op & + (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE))) { + /* generate public key using user-provided private key + * pub_key = g ^ priv_key mod p + */ + + /* load private key into DH */ + priv_key = BN_bin2bn(op->priv_key.data, + op->priv_key.length, + priv_key); + if (priv_key == NULL) { + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + set_dh_priv_key(dh_key, priv_key, ret); + if (ret) { + OPENSSL_LOG(ERR, "Failed to set private key\n"); + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + BN_free(priv_key); + return 0; + } + } + + /* generate public and private key pair. + * + * if private key already set, generates only public key. + * + * if private key is not already set, then set it to random value + * and update internal private key. + */ + if (!DH_generate_key(dh_key)) { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + return 0; + } + + if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) { + const BIGNUM *pub_key = NULL; + + OPENSSL_LOG(DEBUG, "%s:%d update public key\n", + __func__, __LINE__); + + /* get the generated keys */ + get_dh_pub_key(dh_key, pub_key); + + /* output public key */ + op->pub_key.length = BN_bn2bin(pub_key, + op->pub_key.data); + } + + if (sess->u.dh.key_op & + (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE)) { + const BIGNUM *priv_key = NULL; + + OPENSSL_LOG(DEBUG, "%s:%d updated priv key\n", + __func__, __LINE__); + + /* get the generated keys */ + get_dh_priv_key(dh_key, priv_key); + + /* provide generated private key back to user */ + op->priv_key.length = BN_bn2bin(priv_key, + op->priv_key.data); + } + + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + + return 0; +} + /* process modinv operation */ static int process_openssl_modinv_op(struct rte_crypto_op *cop, struct openssl_asym_session *sess) @@ -1713,6 +1937,19 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op, case RTE_CRYPTO_ASYM_XFORM_MODINV: retval = process_openssl_modinv_op(op, sess); break; + case RTE_CRYPTO_ASYM_XFORM_DH: + retval = process_openssl_dh_op(op, sess); + break; + case RTE_CRYPTO_ASYM_XFORM_DSA: + if (op->asym->dsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) + retval = process_openssl_dsa_sign_op(op, sess); + else if (op->asym->dsa.op_type == + RTE_CRYPTO_ASYM_OP_VERIFY) + retval = + process_openssl_dsa_verify_op(op, sess); + else + op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + break; default: op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; break; diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index a23a9e2..ee31e1b 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -527,6 +527,48 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, + { /* dh */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, + .op_types = + ((1<next != NULL) { + if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) && + (xform->next != NULL)) { OPENSSL_LOG(ERR, "chained xfrms are not supported on %s", rte_crypto_asym_xform_strings[xform->xform_type]); return -1; @@ -940,6 +983,147 @@ static int openssl_set_asym_session_parameters( asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV; break; } + case RTE_CRYPTO_ASYM_XFORM_DH: + { + BIGNUM *p = NULL; + BIGNUM *g = NULL; + + p = BN_bin2bn((const unsigned char *) + xform->dh.p.data, + xform->dh.p.length, + p); + g = BN_bin2bn((const unsigned char *) + xform->dh.g.data, + xform->dh.g.length, + g); + if (!p || !g) + goto err_dh; + + DH *dh = DH_new(); + if (dh == NULL) { + OPENSSL_LOG(ERR, + "failed to allocate resources\n"); + goto err_dh; + } + set_dh_params(dh, p, g, ret); + if (ret) { + DH_free(dh); + goto err_dh; + } + + /* + * setup xfrom for + * public key generate, or + * DH Priv key generate, or both + * public and private key generate + */ + asym_session->u.dh.key_op = (1 << xform->dh.type); + + if (xform->dh.type == + RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) { + /* check if next is pubkey */ + if ((xform->next != NULL) && + (xform->next->xform_type == + RTE_CRYPTO_ASYM_XFORM_DH) && + (xform->next->dh.type == + RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE) + ) { + /* + * setup op as pub/priv key + * pair generationi + */ + asym_session->u.dh.key_op |= + (1 << + RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE); + } + } + asym_session->u.dh.dh_key = dh; + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH; + break; + +err_dh: + OPENSSL_LOG(ERR, " failed to set dh params\n"); + if (p) + BN_free(p); + if (g) + BN_free(g); + return -1; + } + case RTE_CRYPTO_ASYM_XFORM_DSA: + { + BIGNUM *p = NULL, *g = NULL; + BIGNUM *q = NULL, *priv_key = NULL; + BIGNUM *pub_key = BN_new(); + BN_zero(pub_key); + + p = BN_bin2bn((const unsigned char *) + xform->dsa.p.data, + xform->dsa.p.length, + p); + + g = BN_bin2bn((const unsigned char *) + xform->dsa.g.data, + xform->dsa.g.length, + g); + + q = BN_bin2bn((const unsigned char *) + xform->dsa.q.data, + xform->dsa.q.length, + q); + if (!p || !q || !g) + goto err_dsa; + + priv_key = BN_bin2bn((const unsigned char *) + xform->dsa.x.data, + xform->dsa.x.length, + priv_key); + if (priv_key == NULL) + goto err_dsa; + + DSA *dsa = DSA_new(); + if (dsa == NULL) { + OPENSSL_LOG(ERR, + " failed to allocate resources\n"); + goto err_dsa; + } + + set_dsa_params(dsa, p, q, g, ret); + if (ret) { + DSA_free(dsa); + OPENSSL_LOG(ERR, "Failed to dsa params\n"); + goto err_dsa; + } + + /* + * openssl 1.1.0 mandate that public key can't be + * NULL in very first call. so set a dummy pub key. + * to keep consistency, lets follow same approach for + * both versions + */ + /* just set dummy public for very 1st call */ + set_dsa_keys(dsa, pub_key, priv_key, ret); + if (ret) { + DSA_free(dsa); + OPENSSL_LOG(ERR, "Failed to set keys\n"); + return -1; + } + asym_session->u.s.dsa = dsa; + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; + break; + +err_dsa: + if (p) + BN_free(p); + if (q) + BN_free(q); + if (g) + BN_free(g); + if (priv_key) + BN_free(priv_key); + if (pub_key) + BN_free(pub_key); + return -1; + } default: return -1; } @@ -1021,6 +1205,14 @@ static void openssl_reset_asym_session(struct openssl_asym_session *sess) BN_CTX_free(sess->u.m.ctx); } break; + case RTE_CRYPTO_ASYM_XFORM_DH: + if (sess->u.dh.dh_key) + DH_free(sess->u.dh.dh_key); + break; + case RTE_CRYPTO_ASYM_XFORM_DSA: + if (sess->u.s.dsa) + DSA_free(sess->u.s.dsa); + break; default: break; } diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h index 0ebe596..a8f2c84 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_private.h +++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h @@ -9,6 +9,8 @@ #include #include #include +#include +#include #define CRYPTODEV_NAME_OPENSSL_PMD crypto_openssl /**< Open SSL Crypto PMD device name */ @@ -159,6 +161,13 @@ struct openssl_asym_session { BIGNUM *modulus; BN_CTX *ctx; } m; + struct dh { + DH *dh_key; + uint32_t key_op; + } dh; + struct { + DSA *dsa; + } s; } u; } __rte_cache_aligned; /** Set and validate OPENSSL crypto session parameters */ From patchwork Thu Jul 12 14:08:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shally Verma X-Patchwork-Id: 42981 X-Patchwork-Delegate: pablo.de.lara.guarch@intel.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 505D11B4BA; Thu, 12 Jul 2018 16:09:26 +0200 (CEST) Received: from NAM05-DM3-obe.outbound.protection.outlook.com (mail-eopbgr730040.outbound.protection.outlook.com [40.107.73.40]) by dpdk.org (Postfix) with ESMTP id 6BC3F1B483 for ; Thu, 12 Jul 2018 16:09:23 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k28rG9+SyVaBhNkVyy13RF9Eej0z4YIou/fcqhS6vgs=; b=PZVFy5ckVq3PA8paBIRBjS5ISimmH7g2HKcQ8ZPO6UiDVWsT9qMwvCtFqT6xv7eL/5m2rbvUW5mlNQ2IWsvw7l/9GoTfEFziyZLwcISwWhjYMZQbUaIIL6E6q83G8j1pgbSAau1ZTVjHzZyuPQmXNpt7dAWHzIBxOjpcgybbz9s= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Shally.Verma@cavium.com; Received: from hyd1sverma-dt.caveonetworks.com (115.113.156.2) by DM5PR0701MB3637.namprd07.prod.outlook.com (2603:10b6:4:7d::38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.952.18; Thu, 12 Jul 2018 14:09:19 +0000 From: Shally Verma To: pablo.de.lara.guarch@intel.com Cc: dev@dpdk.org, pathreya@caviumnetworks.com, nmurthy@caviumnetworks.com, Ashish Gupta , Sunila Sahu Date: Thu, 12 Jul 2018 19:38:46 +0530 Message-Id: <1531404526-17984-4-git-send-email-shally.verma@caviumnetworks.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1531404526-17984-1-git-send-email-shally.verma@caviumnetworks.com> References: <1531404526-17984-1-git-send-email-shally.verma@caviumnetworks.com> MIME-Version: 1.0 X-Originating-IP: [115.113.156.2] X-ClientProxiedBy: MAXPR0101CA0029.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a00:d::15) To DM5PR0701MB3637.namprd07.prod.outlook.com (2603:10b6:4:7d::38) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 6e101f01-a2b9-44a7-2ffd-08d5e8011105 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989117)(5600053)(711020)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(8990107)(2017052603328)(7153060)(7193020); SRVR:DM5PR0701MB3637; X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 3:JxyybA1BNMAv4E6T+MbByvjX1unDzw8FmP03hv1YopftFPqn66z+zJ+D18Qf+SskrAcW9SvJyFOZKbHkI1GM2yJ/RYafIye1AE3y16nS3f/QIoisnpsLf19gg1B5393nIUIJeLs9KEzEQ/+Dbl6bQILzEP2nV1D1r6h4ixL+kahpuLUEteCq8VlXm89RglQOt4dxn0Dchzn8smAdLEr+cox1adGNt/VieEhryTLmgSqNDjEf4O4zvq2bCZhyglUD; 25:RJkFkUKlJ59uuNZXKhNJqm6NWNwBcEL3ueChx9rKT18xybuAmT4+UgcuoCBFPdC/B099UGZtmWJvwUBPWNcqfhMxwPzfvqPGXxOhKhzq+YMwQ8Y7Tr2TCWnZ7tLAjYPDAr0EbVuf3RZty2SBMxNpLG9dBv25IZr+fxHwv3YUwGCmr5iVyvVkDVal2XCvuF3Z4K+NvcxQzPiT/ZuzIYumnjRqgRsRO6o5g7KF+oP0zcK5M00+aeh5CUte1BPABhhsMdsa9dFa3EugVAhWinAcsYoLKVQeieek3Fbg9DqtI230RMis7uZDglDWFOwEVm4p6Nv+1w9FQ/bpV21k6Hmtjg==; 31:Et7X3H5FH0i88MH7lA0qJZ6LlexQj9PUO15Ppt7Un0ClhJHjO5/rzof3o2+RS1dWEbGkUuQdohQatn/8upADxJ7Ac25BEg0Kom1Wlnaf5/AYliL1Wf3S1wDm17zV2ncQElressfgE17mj/0GL/LU3/IMp4y55sMNpfF6ZUTkeTMVmgUPInIhfMUvMe6WfoqeM8Z3OW84VUzwydtYWLV0OI0od6GcyvNUdRMpq49DAs0= X-MS-TrafficTypeDiagnostic: DM5PR0701MB3637: X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 20:2Iv1QmYJVcqMV72rdnLpvPkhWQBzdvwJob2KE2xzUp5iZP9m3Fdmpkbw505/Ij/6TNO8Cczo4SP2Aw24DzzoNeFOtSjlhrGtdodSGf83Jdctdi4ryvlX3t7HbZcEGB8JZAEJLpfcdEDHa4qJBT1b0sbTD7R6O2eO2k3wtV2ZsVyYd8hZQVYdU7tI1wVcjMD1Yb9wwiYbBxaeHygDAK2OG8Y1zTKket5goM1t74cVjHmJrdVRaKBPT+vNnt0bIQt8wJaajsr6WKMx7O8QgSHYy5Km8NLRnHq4n7VrUIk6TscLdeTbc7cIjZah3qF/b4Y77Sg7Z/JkpjBfsirNi3V5/RTEurwcD1emcwRZXm18mt3wl9VntWdtcAsiny0GRF65fjbUzPIemrey0O3FVGdAcAVLJa05G79O0dSA/7m45IPVANnGaII8Ox7nCk3h/8/bKOYMZEVsGbaeuZ81kB36njZKAgidlWbB/0uC5NydRvro3Uxq7xfk0Sht833aw/2wED1AMaXPcOc1QS5255xrxHacvZPqC0TnVz6Hr1FbOyObjDnBfE79XKjba/TTGOpRZhZxLyGd00ceQNrncOqO3XnsQjEkz6yomGbAV1Cs8+E=; 4:KI7rREFoXUoUL12cDAnGIaryARWHkxnOFa3p+txUMcOHPWr4JZ5AF+y75hkA8HZ9WS50qMk9S79Of5TDW9HDdUTqRxXKpyC4ZUrQIPEhpUDb+HfIhA7aG9Jac0LUh888FI3CpsZPav6mkSk3UcVEnwRE3iv60MK6pLResIafVVnSsH5USL0NIpyegWsm4acQ/YKWNE8lh1XyWM2BXE6Bfb12Hu6TSGK7Koog87hzjggH2NStKCurb5El3/8orElYQNhj4neT8OoUaJgG1zDLXA== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3231311)(944501410)(52105095)(3002001)(10201501046)(93006095)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(20161123562045)(20161123560045)(6072148)(201708071742011)(7699016); SRVR:DM5PR0701MB3637; BCL:0; PCL:0; RULEID:; SRVR:DM5PR0701MB3637; X-Forefront-PRVS: 0731AA2DE6 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(136003)(396003)(366004)(39860400002)(376002)(346002)(189003)(199004)(25786009)(6116002)(3846002)(81166006)(2351001)(8936002)(81156014)(8676002)(7736002)(305945005)(53416004)(575784001)(2906002)(105586002)(106356001)(97736004)(6916009)(6666003)(69596002)(6486002)(36756003)(53936002)(47776003)(6512007)(50226002)(66066001)(4326008)(72206003)(446003)(2616005)(316002)(956004)(54906003)(2361001)(478600001)(14444005)(26005)(107886003)(486006)(16526019)(50466002)(11346002)(76176011)(476003)(44832011)(386003)(52116002)(42882007)(186003)(51416003)(55236004)(6506007)(48376002)(68736007)(5660300001)(16586007); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR0701MB3637; H:hyd1sverma-dt.caveonetworks.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; DM5PR0701MB3637; 23:4sQ8BYIniRGJ+QL3Y/uuiCmlyO+/yuW2Gb7ksuk?= OFY1AGYs2TDxtGCUBkU1tuUbun+V4VtUl9jj5Ss0q6PNnBtrggjUxU4oZvSO5ekplLOiaTew/dShRjJNaq1geb9HYFOo5XFLZUJy0JFBdMNaUczA6LjJqvxZmSgkqAEhCfEpdrwVvvoytusv4bcquGvKHwB4RB/HmMCaaSgacH4fhFCKKAGfLKTZpKor0bt3aUWKGbjtIZEti14wZLIKJJ2L8MmgeJem0ZMTL0v7SMiY5zir4wObC049NhZEUp1VaVZ4zHK1Vyi7W8PERMfxCv8O2WsBjolARNmBRzHRXAjvr96zaOdnmbiXAcNZj/frpQMUhowoFebSo72KgJsw4/83/kKCsdc+cgUmRMaG0z6F+v24pFhFgM2IxP2FXpAeuLayD2oRKHmnfz2ftG/HJlvvUoX/wNzM10dZeFg6/7StcemjFks33JMmxhDbFjTG4UciZ94BdZKhOd2pOu/52IiFplFmMC0gZUBD4tQPpeejWuuj8aCWFRgyUSj+I8mkKHL260+dokX9IBqb7Nm8UYWN1+gVh2uf8+fcqEwA7313+UHC4TqEHx/xUgQzXvY140y16vl6ZYpSU0r+ldcrf+fXeoW/CjVl0ORZ/dEYFQLROPRBEgWSLXeU4OIABVphj5QLTH9BUmjbS6JVfLP4PIPhFbVHtfw26Mj/4dCVDJQQw6SISohf3ve1Pq1HVfScsxsTyHxv1gnISpYodU+a/78bkIoKkc+rF0xoRrLyqUQAjPRmrMhuFSl7SV5FUdqQDl1U8Zc0YkT2YjEvyzLwqdnITJsb3mw0T8AkNMd3v8/rGy1faVON2njiTGqPjJWGqNyZWAkExpl9dwPbhZ8birHH4aD99PFYcq/4B73CFnN0ovgq/4YZYq2ruL4fTaDsthhThqhqsUfRVQfwQ2ZQeWKpqxRLIhyhkVVLHONpp/1+WqEVBzGB2eEytU9vBV28hLFxsnKzeiBN9oINuGyRH1AdrWZlYvEdDUFhvMXJvlDZfyd+X2ivatbH0YaidfzlZellLK7SFuvv4q4givg2zrHCH0FkSDgzLInT/aJvadXe20Us8scXa1aUTY+7z9FxizNiV2SdLeEnGjjjQRO36+f1U8s9p1D9l3AdnVPr5trQzQxKuMMmJsRsasNT6mmFzGAfEuM9P2jZ7FJe3ya/qnw6+CJXvdTYvrnxmLxUHtHxixx9iYxujy0sOR3RBtFwHsPvjO3ed41gf8V5Gkr3RGlYFYMPBB1eo+2SO67mX798PRiw1F8u8K3y9sCnwSWM4nrgPZ/pO+gLMWL4Qx09i2hpRd5wZyo0LmHMki90wcLD06mD0MZd8Sp16wkdWxjs+oZ7PlZX9CEiAcbVAX1OgSJR5 X-Microsoft-Antispam-Message-Info: AOWZSZfliIidVCMekBFZJ1PyDeiE6HHKF7qzsxYyIjCYrLpM2SLvwrQS55e0sImqbj+TxdLd/ApCaI3YlN66mPqsx93FsHhtVI1ATSo8k/FDMAJkvHcBK4oUGv8owc2KixCbNQ5u26HTpp/9McqcPOMFM1Hga+/kvDKbLKrtMAcC3YYlsGB7eHA9PUa2UI/qY3ZNbNTALowo9E1lXaJlZ3dmpw1X/w87wdfHky2ZpcC+XMJ6MUZqR8q+lG0tJvN9KAe/YUkz/tphPGoG/uPtI7kkvC7hFoMWBC5dv0465pn+dXuU5ssnCgOgh1ZYApE7hpWHenWQxSjwo0hfgxzMQkMUcBK+5xdUrPgt9p997p0= X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 6:J2w2Jxw3Jl1Q+PYuNDu8F5QpBkIrT7Dg8q/xO4bwuUWDenlvp6A3EnC0JBlSR/+UFnHvmgcU6wtojcWgMBbynMLOzw6A92YH8An0HqS+VHGBN7YZlaE//lcC2IMjMRLkNib9r0F7u2BJ6Yeb8wsch6hfQMAE8bkV2MwniRm0Eaz4Ot09WciJj6sgkv7fBSHO6zpDjVxfUHWPhecC4jMnBi2xjY3M/Sy3E1hX8WVjHWwJe4jX4fkPlm1yDhPKebC8TE3wnTT8g3x1LHuwHvxKryOlmihF0Ezm8x17912gV4U/in5chchfdsuJnsIPshMk0KecZqCbk02q1mohLvQ+r6E7bnMwLmoP9tBGhwa7JjUO5se90OdE3n5n+cG/GB3MEqE44nafGrgEbVTC7Cxh92XlxnDOVeD3OyLggPi3wrgXJwt4zjQIXJnRxas4flKIB3F/MorcYvTQNxtQlv5Ptg==; 5:+/uVBCvkjY8g28P3ZsIn6IpwBXsCPa37Z+8QfeBB4dc9y2u3HFIld3Y8txmjhrNbgUYQrNozpaDUknziOeg71jyUdKtvTiZQuzGPup1hObaNmmYeRgmrYZih2Uhsc7jJhh8gd9OOokRmVU82b7rPR9TpzTKx9YuCWx9V4qQCp5w=; 24:gYz+Wp9MBQ1ISRfmfEshu3FKuuk4yPZQ87W3lyeh60tXhxpekZyC1XYsrQ8Ti9jKN54YmCKiJwfLrnUythZIz4SX5bnDaXhzLgu1WTY0/sU= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3637; 7:/PdqQcVW7TU8fL1Sb1VrYrI0FGg1bkWVmJCSYx/lB1MlXsZph2GM57E8DjGFEMUoD8PSygFQ5zOgXP4Cf0e0B2qyT8xwPcs+2XzQERqMm5n9stQ95bkiTg9e94I67Q3ogqPqkDXZYM7+P+UI0mvOQuehc9XWOAwXt0r2cEruZHK6/MceViB9X8yU4pv2F8iepRU0Ml2nG8HA7BtI+fVymEntpYkYwB3Zmcmwm4WsTX5nDVjoUOCBMwXfaCh9kOOv X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Jul 2018 14:09:19.9706 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6e101f01-a2b9-44a7-2ffd-08d5e8011105 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0701MB3637 Subject: [dpdk-dev] [PATCH v4 3/3] doc: add asym feature list X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Ashish Gupta Signed-off-by: Sunila Sahu Signed-off-by: Shally Verma Signed-off-by: Ashish Gupta --- doc/guides/cryptodevs/features/openssl.ini | 11 +++++++++++ doc/guides/cryptodevs/openssl.rst | 1 + 2 files changed, 12 insertions(+) diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini index 626ec1b..b9c0bdc 100644 --- a/doc/guides/cryptodevs/features/openssl.ini +++ b/doc/guides/cryptodevs/features/openssl.ini @@ -8,6 +8,7 @@ Symmetric crypto = Y Sym operation chaining = Y OOP SGL In LB Out = Y OOP LB In LB Out = Y +Asymmetric crypto = Y ; ; Supported crypto algorithms of the 'openssl' crypto driver. @@ -50,3 +51,13 @@ AES GCM (256) = Y AES CCM (128) = Y AES CCM (192) = Y AES CCM (256) = Y + +; +; Supported Asymmetric algorithms of the 'openssl' crypto driver. +; +[Asymmetric] +RSA = Y +DSA = Y +Modular Exponentiation = Y +Modular Inversion = Y +Diffie-hellman = Y diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index 427fc80..bdc30f6 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -80,6 +80,7 @@ crypto processing. Test name is cryptodev_openssl_autotest. For performance test cryptodev_openssl_perftest can be used. +For asymmetric crypto operations testing, run cryptodev_openssl_asym_autotest. To verify real traffic l2fwd-crypto example can be used with this command: