From patchwork Mon Jul 23 14:46:03 2018
X-Patchwork-Submitter: Shally Verma
X-Patchwork-Id: 43273
X-Patchwork-Delegate: pablo.de.lara.guarch@intel.com
From: Shally Verma
To: pablo.de.lara.guarch@intel.com
Cc: dev@dpdk.org, pathreya@caviumnetworks.com, nmurthy@caviumnetworks.com, Sunila Sahu, Ashish Gupta
Date: Mon, 23 Jul 2018 20:16:03 +0530
Message-Id: <1532357165-8575-2-git-send-email-shally.verma@caviumnetworks.com>
In-Reply-To: <1532357165-8575-1-git-send-email-shally.verma@caviumnetworks.com>
References: <1532357165-8575-1-git-send-email-shally.verma@caviumnetworks.com>
Subject: [dpdk-dev] [PATCH v5 1/3] crypto/openssl: add rsa and mod asym op

From: Sunila Sahu

- Add compat.h to make pmd compatible to openssl-1.1.0 and backward version
- Add rsa sign/verify/encrypt/decrypt and modular operation support

Signed-off-by: Sunila Sahu
Signed-off-by: Shally Verma
Signed-off-by: Ashish Gupta --- drivers/crypto/openssl/compat.h | 40 +++ drivers/crypto/openssl/rte_openssl_pmd.c | 231 +++++++++++++++- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 336 ++++++++++++++++++++++- drivers/crypto/openssl/rte_openssl_pmd_private.h | 19 ++ 4 files changed, 614 insertions(+), 12 deletions(-) diff --git a/drivers/crypto/openssl/compat.h b/drivers/crypto/openssl/compat.h new file mode 100644 index 0000000..8ece808 --- /dev/null +++ b/drivers/crypto/openssl/compat.h @@ -0,0 +1,40 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2018 Cavium Networks + */ + +#ifndef __RTA_COMPAT_H__ +#define __RTA_COMPAT_H__ + +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + +#define set_rsa_params(rsa, p, q, ret) \ + do {rsa->p = p; rsa->q = q; ret = 0; } while (0) + +#define set_rsa_crt_params(rsa, dmp1, dmq1, iqmp, ret) \ + do { \ + rsa->dmp1 = dmp1; \ + rsa->dmq1 = dmq1; \ + rsa->iqmp = iqmp; \ + ret = 0; \ + } while (0) + +#define set_rsa_keys(rsa, n, e, d, ret) \ + do { \ + rsa->n = n; rsa->e = e; rsa->d = d; ret = 0; \ + } while (0) + +#else + +#define set_rsa_params(rsa, p, q, ret) \ + (ret = !RSA_set0_factors(rsa, p, q)) + +#define set_rsa_crt_params(rsa, dmp1, dmq1, iqmp, ret) \ + (ret = !RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) + +/* n, e must be non-null, d can be NULL */ +#define set_rsa_keys(rsa, n, e, d, ret) \ + (ret = !RSA_set0_key(rsa, n, e, d)) + +#endif /* version < 10100000 */ + +#endif /* __RTA_COMPAT_H__ */ diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 96b0fd2..9d18e67 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -14,6 +14,7 @@ #include #include "rte_openssl_pmd_private.h" +#include "compat.h" #define DES_BLOCK_SIZE 8 
@@ -730,19 +731,36 @@ openssl_reset_session(struct openssl_session *sess) } /** Provide session for operation */ -static struct openssl_session * +static void * get_session(struct openssl_qp *qp, struct rte_crypto_op *op) { struct openssl_session *sess = NULL; + struct openssl_asym_session *asym_sess = NULL; if (op->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { - /* get existing session */ - if (likely(op->sym->session != NULL)) - sess = (struct openssl_session *) - get_sym_session_private_data( - op->sym->session, - cryptodev_driver_id); + if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) { + /* get existing session */ + if (likely(op->sym->session != NULL)) + sess = (struct openssl_session *) + get_sym_session_private_data( + op->sym->session, + cryptodev_driver_id); + } else { + if (likely(op->asym->session != NULL)) + asym_sess = (struct openssl_asym_session *) + get_asym_session_private_data( + op->asym->session, + cryptodev_driver_id); + if (asym_sess == NULL) + op->status = + RTE_CRYPTO_OP_STATUS_INVALID_SESSION; + return asym_sess; + } } else { + /* sessionless asymmetric not supported */ + if (op->type == RTE_CRYPTO_OP_TYPE_ASYMMETRIC) + return NULL; + /* provide internal session */ void *_sess = NULL; void *_sess_private_data = NULL; 
@@ -1528,6 +1546,193 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, op->status = RTE_CRYPTO_OP_STATUS_ERROR; } +/* process modinv operation */ +static int process_openssl_modinv_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_asym_op *op = cop->asym; + BIGNUM *base = BN_CTX_get(sess->u.m.ctx); + BIGNUM *res = BN_CTX_get(sess->u.m.ctx); + + if (unlikely(base == NULL || res == NULL)) { + if (base) + BN_free(base); + if (res) + BN_free(res); + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + + base = BN_bin2bn((const unsigned char *)op->modinv.base.data, + op->modinv.base.length, base); + + if (BN_mod_inverse(res, base, sess->u.m.modulus, sess->u.m.ctx)) { + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data); + } else { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + } + + return 0; +} + +/* process modexp operation */ +static int process_openssl_modexp_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_asym_op *op = cop->asym; + BIGNUM *base = BN_CTX_get(sess->u.e.ctx); + BIGNUM *res = BN_CTX_get(sess->u.e.ctx); + + if (unlikely(base == NULL || res == NULL)) { + if (base) + BN_free(base); + if (res) + BN_free(res); + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + + base = BN_bin2bn((const unsigned char *)op->modinv.base.data, + op->modinv.base.length, base); + + if (BN_mod_exp(res, base, sess->u.e.exp, + sess->u.e.mod, sess->u.e.ctx)) { + op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data); + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } else { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + } + + return 0; +} + +/* process rsa operations */ +static int process_openssl_rsa_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + int ret = 0; + struct rte_crypto_asym_op *op = cop->asym; + RSA *rsa = sess->u.r.rsa; + uint32_t pad = 
(op->rsa.pad); + + switch (pad) { + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0: + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT1: + case RTE_CRYPTO_RSA_PKCS1_V1_5_BT2: + pad = RSA_PKCS1_PADDING; + break; + case RTE_CRYPTO_RSA_PADDING_NONE: + pad = RSA_NO_PADDING; + break; + default: + cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + OPENSSL_LOG(ERR, + "rsa pad type not supported %d\n", pad); + return 0; + } + + switch (op->rsa.op_type) { + case RTE_CRYPTO_ASYM_OP_ENCRYPT: + ret = RSA_public_encrypt(op->rsa.message.length, + op->rsa.message.data, + op->rsa.message.data, + rsa, + pad); + + if (ret > 0) + op->rsa.message.length = ret; + OPENSSL_LOG(DEBUG, + "length of encrypted text %d\n", ret); + break; + + case RTE_CRYPTO_ASYM_OP_DECRYPT: + ret = RSA_private_decrypt(op->rsa.message.length, + op->rsa.message.data, + op->rsa.message.data, + rsa, + pad); + if (ret > 0) + op->rsa.message.length = ret; + break; + + case RTE_CRYPTO_ASYM_OP_SIGN: + ret = RSA_private_encrypt(op->rsa.message.length, + op->rsa.message.data, + op->rsa.sign.data, + rsa, + pad); + if (ret > 0) + op->rsa.sign.length = ret; + break; + + case RTE_CRYPTO_ASYM_OP_VERIFY: + ret = RSA_public_decrypt(op->rsa.sign.length, + op->rsa.sign.data, + op->rsa.sign.data, + rsa, + pad); + + OPENSSL_LOG(DEBUG, + "Length of public_decrypt %d " + "length of message %zd\n", + ret, op->rsa.message.length); + + if (memcmp(op->rsa.sign.data, op->rsa.message.data, + op->rsa.message.length)) { + OPENSSL_LOG(ERR, + "RSA sign Verification failed"); + return -1; + } + break; + + default: + /* allow ops with invalid args to be pushed to + * completion queue + */ + cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + break; + } + + if (ret < 0) + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + + return 0; +} + +static int +process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op, + struct openssl_asym_session *sess) +{ + int retval = 0; + + op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + + switch (sess->xfrm_type) { + case 
RTE_CRYPTO_ASYM_XFORM_RSA: + retval = process_openssl_rsa_op(op, sess); + break; + case RTE_CRYPTO_ASYM_XFORM_MODEX: + retval = process_openssl_modexp_op(op, sess); + break; + case RTE_CRYPTO_ASYM_XFORM_MODINV: + retval = process_openssl_modinv_op(op, sess); + break; + default: + op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + break; + } + if (!retval) { + /* op processed so push to completion queue as processed */ + retval = rte_ring_enqueue(qp->processed_ops, (void *)op); + if (retval) + /* return error if failed to put in completion queue */ + retval = -1; + } + + return retval; +} + /** Process crypto operation for mbuf */ static int process_op(struct openssl_qp *qp, struct rte_crypto_op *op, @@ -1600,7 +1805,7 @@ static uint16_t openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops, uint16_t nb_ops) { - struct openssl_session *sess; + void *sess; struct openssl_qp *qp = queue_pair; int i, retval; @@ -1609,7 +1814,12 @@ openssl_pmd_enqueue_burst(void *queue_pair, struct rte_crypto_op **ops, if (unlikely(sess == NULL)) goto enqueue_err; - retval = process_op(qp, ops[i], sess); + if (ops[i]->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) + retval = process_op(qp, ops[i], + (struct openssl_session *) sess); + else + retval = process_asym_op(qp, ops[i], + (struct openssl_asym_session *) sess); if (unlikely(retval < 0)) goto enqueue_err; } @@ -1664,7 +1874,8 @@ cryptodev_openssl_create(const char *name, RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING | RTE_CRYPTODEV_FF_CPU_AESNI | RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT | - RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT; + RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT | + RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO; /* Set vector instructions mode supported */ internals = dev->data->dev_private; diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 05f452d..bbc203e 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c 
@@ -9,6 +9,7 @@ #include #include "rte_openssl_pmd_private.h" +#include "compat.h" static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { @@ -469,6 +470,63 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, } }, + { /* RSA */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA, + .op_types = ((1 << RTE_CRYPTO_ASYM_OP_SIGN) | + (1 << RTE_CRYPTO_ASYM_OP_VERIFY) | + (1 << RTE_CRYPTO_ASYM_OP_ENCRYPT) | + (1 << RTE_CRYPTO_ASYM_OP_DECRYPT)), + { + .modlen = { + /* min length is based on openssl rsa keygen */ + .min = 30, + /* value 0 symbolizes no limit on max length */ + .max = 0, + .increment = 1 + }, } + } + }, + } + }, + { /* modexp */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODEX, + .op_types = 0, + { + .modlen = { + /* value 0 symbolizes no limit on min length */ + .min = 0, + /* value 0 symbolizes no limit on max length */ + .max = 0, + .increment = 1 + }, } + } + }, + } + }, + { /* modinv */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_MODINV, + .op_types = 0, + { + .modlen = { + /* value 0 symbolizes no limit on min length */ + .min = 0, + /* value 0 symbolizes no limit on max length */ + .max = 0, + .increment = 1 + }, } + } + }, + } + }, RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() }; 
@@ -655,13 +713,20 @@ openssl_pmd_qp_count(struct rte_cryptodev *dev) return dev->data->nb_queue_pairs; } -/** Returns the size of the session structure */ +/** Returns the size of the symmetric session structure */ static unsigned openssl_pmd_sym_session_get_size(struct rte_cryptodev *dev __rte_unused) { return sizeof(struct openssl_session); } +/** Returns the size of the asymmetric session structure */ +static unsigned +openssl_pmd_asym_session_get_size(struct rte_cryptodev *dev __rte_unused) +{ + return sizeof(struct openssl_asym_session); +} + /** Configure the session from a crypto xform chain */ static int openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused, 
@@ -698,6 +763,226 @@ openssl_pmd_sym_session_configure(struct rte_cryptodev *dev __rte_unused, return 0; } +static int openssl_set_asym_session_parameters( + struct openssl_asym_session *asym_session, + struct rte_crypto_asym_xform *xform) +{ + int ret = 0; + + if (xform->next != NULL) { + OPENSSL_LOG(ERR, "chained xfrms are not supported on %s", + rte_crypto_asym_xform_strings[xform->xform_type]); + return -1; + } + + switch (xform->xform_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + { + BIGNUM *n = NULL; + BIGNUM *e = NULL; + BIGNUM *d = NULL; + BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL; + BIGNUM *iqmp = NULL, *dmq1 = NULL; + + /* copy xfrm data into rsa struct */ + n = BN_bin2bn((const unsigned char *)xform->rsa.n.data, + xform->rsa.n.length, n); + e = BN_bin2bn((const unsigned char *)xform->rsa.e.data, + xform->rsa.e.length, e); + + if (!n || !e) + goto err_rsa; + + RSA *rsa = RSA_new(); + if (rsa == NULL) + goto err_rsa; + + if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { + d = BN_bin2bn( + (const unsigned char *)xform->rsa.d.data, + xform->rsa.d.length, + d); + if (!d) { + RSA_free(rsa); + goto err_rsa; + } + } else { + p = BN_bin2bn((const unsigned char *) + xform->rsa.qt.p.data, + xform->rsa.qt.p.length, + p); + q = BN_bin2bn((const unsigned char *) + xform->rsa.qt.q.data, + xform->rsa.qt.q.length, + q); + dmp1 = BN_bin2bn((const unsigned char *) + xform->rsa.qt.dP.data, + xform->rsa.qt.dP.length, + dmp1); + dmq1 = BN_bin2bn((const unsigned char *) + xform->rsa.qt.dQ.data, + xform->rsa.qt.dQ.length, + dmq1); + iqmp = BN_bin2bn((const unsigned char *) + xform->rsa.qt.qInv.data, + xform->rsa.qt.qInv.length, + iqmp); + + if (!p || !q || !dmp1 || !dmq1 || !iqmp) { + RSA_free(rsa); + goto err_rsa; + } + set_rsa_params(rsa, p, q, ret); + if (ret) { + OPENSSL_LOG(ERR, + "failed to set rsa params\n"); + RSA_free(rsa); + goto err_rsa; + } + set_rsa_crt_params(rsa, dmp1, dmq1, iqmp, ret); + if (ret) { + OPENSSL_LOG(ERR, + "failed to set crt params\n"); + 
RSA_free(rsa); + /* + * set already populated params to NULL + * as its freed by call to RSA_free + */ + p = q = NULL; + goto err_rsa; + } + } + + set_rsa_keys(rsa, n, e, d, ret); + if (ret) { + OPENSSL_LOG(ERR, "Failed to load rsa keys\n"); + RSA_free(rsa); + return -1; + } + asym_session->u.r.rsa = rsa; + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; + break; +err_rsa: + if (n) + BN_free(n); + if (e) + BN_free(e); + if (d) + BN_free(d); + if (p) + BN_free(p); + if (q) + BN_free(q); + if (dmp1) + BN_free(dmp1); + if (dmq1) + BN_free(dmq1); + if (iqmp) + BN_free(iqmp); + + return -1; + } + case RTE_CRYPTO_ASYM_XFORM_MODEX: + { + struct rte_crypto_modex_xform *xfrm = &(xform->modex); + + BN_CTX *ctx = BN_CTX_new(); + if (ctx == NULL) { + OPENSSL_LOG(ERR, + " failed to allocate resources\n"); + return -1; + } + BN_CTX_start(ctx); + BIGNUM *mod = BN_CTX_get(ctx); + BIGNUM *exp = BN_CTX_get(ctx); + if (mod == NULL || exp == NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return -1; + } + + mod = BN_bin2bn((const unsigned char *) + xfrm->modulus.data, + xfrm->modulus.length, mod); + exp = BN_bin2bn((const unsigned char *) + xfrm->exponent.data, + xfrm->exponent.length, exp); + asym_session->u.e.ctx = ctx; + asym_session->u.e.mod = mod; + asym_session->u.e.exp = exp; + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODEX; + break; + } + case RTE_CRYPTO_ASYM_XFORM_MODINV: + { + struct rte_crypto_modinv_xform *xfrm = &(xform->modinv); + + BN_CTX *ctx = BN_CTX_new(); + if (ctx == NULL) { + OPENSSL_LOG(ERR, + " failed to allocate resources\n"); + return -1; + } + BN_CTX_start(ctx); + BIGNUM *mod = BN_CTX_get(ctx); + if (mod == NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return -1; + } + + mod = BN_bin2bn((const unsigned char *) + xfrm->modulus.data, + xfrm->modulus.length, + mod); + asym_session->u.m.ctx = ctx; + asym_session->u.m.modulus = mod; + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV; + break; + } + default: + return -1; + } + + return 0; +} + 
+/** Configure the session from a crypto xform chain */ +static int +openssl_pmd_asym_session_configure(struct rte_cryptodev *dev __rte_unused, + struct rte_crypto_asym_xform *xform, + struct rte_cryptodev_asym_session *sess, + struct rte_mempool *mempool) +{ + void *asym_sess_private_data; + int ret; + + if (unlikely(sess == NULL)) { + OPENSSL_LOG(ERR, "invalid asymmetric session struct"); + return -EINVAL; + } + + if (rte_mempool_get(mempool, &asym_sess_private_data)) { + CDEV_LOG_ERR( + "Couldn't get object from session mempool"); + return -ENOMEM; + } + + ret = openssl_set_asym_session_parameters(asym_sess_private_data, + xform); + if (ret != 0) { + OPENSSL_LOG(ERR, "failed configure session parameters"); + + /* Return session to mempool */ + rte_mempool_put(mempool, asym_sess_private_data); + return ret; + } + + set_asym_session_private_data(sess, dev->driver_id, + asym_sess_private_data); + + return 0; +} /** Clear the memory of session so it doesn't leave key material behind */ static void 
@@ -717,6 +1002,50 @@ openssl_pmd_sym_session_clear(struct rte_cryptodev *dev, } } +static void openssl_reset_asym_session(struct openssl_asym_session *sess) +{ + switch (sess->xfrm_type) { + case RTE_CRYPTO_ASYM_XFORM_RSA: + if (sess->u.r.rsa) + RSA_free(sess->u.r.rsa); + break; + case RTE_CRYPTO_ASYM_XFORM_MODEX: + if (sess->u.e.ctx) { + BN_CTX_end(sess->u.e.ctx); + BN_CTX_free(sess->u.e.ctx); + } + break; + case RTE_CRYPTO_ASYM_XFORM_MODINV: + if (sess->u.m.ctx) { + BN_CTX_end(sess->u.m.ctx); + BN_CTX_free(sess->u.m.ctx); + } + break; + default: + break; + } +} + +/** Clear the memory of asymmetric session + * so it doesn't leave key material behind + */ +static void +openssl_pmd_asym_session_clear(struct rte_cryptodev *dev, + struct rte_cryptodev_asym_session *sess) +{ + uint8_t index = dev->driver_id; + void *sess_priv = get_asym_session_private_data(sess, index); + + /* Zero out the whole structure */ + if (sess_priv) { + openssl_reset_asym_session(sess_priv); + memset(sess_priv, 0, sizeof(struct openssl_asym_session)); + struct rte_mempool *sess_mp = rte_mempool_from_obj(sess_priv); + set_asym_session_private_data(sess, index, NULL); + rte_mempool_put(sess_mp, sess_priv); + } +} + struct rte_cryptodev_ops openssl_pmd_ops = { .dev_configure = openssl_pmd_config, .dev_start = openssl_pmd_start, @@ -733,8 +1062,11 @@ struct rte_cryptodev_ops openssl_pmd_ops = { .queue_pair_count = openssl_pmd_qp_count, .sym_session_get_size = openssl_pmd_sym_session_get_size, + .asym_session_get_size = openssl_pmd_asym_session_get_size, .sym_session_configure = openssl_pmd_sym_session_configure, - .sym_session_clear = openssl_pmd_sym_session_clear + .asym_session_configure = openssl_pmd_asym_session_configure, + .sym_session_clear = openssl_pmd_sym_session_clear, + .asym_session_clear = openssl_pmd_asym_session_clear }; struct rte_cryptodev_ops *rte_openssl_pmd_ops = &openssl_pmd_ops; 
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h index 29fcb76..0ebe596 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_private.h +++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h @@ -8,6 +8,7 @@ #include #include #include +#include #define CRYPTODEV_NAME_OPENSSL_PMD crypto_openssl /**< Open SSL Crypto PMD device name */ 
@@ -142,6 +143,24 @@ struct openssl_session { } __rte_cache_aligned; +/** OPENSSL crypto private asymmetric session structure */ +struct openssl_asym_session { + enum rte_crypto_asym_xform_type xfrm_type; + union { + struct rsa { + RSA *rsa; + } r; + struct exp { + BIGNUM *exp; + BIGNUM *mod; + BN_CTX *ctx; + } e; + struct mod { + BIGNUM *modulus; + BN_CTX *ctx; + } m; + } u; +} __rte_cache_aligned; /** Set and validate OPENSSL crypto session parameters */ extern int openssl_set_session_parameters(struct openssl_session *sess, From patchwork Mon Jul 23 14:46:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shally Verma X-Patchwork-Id: 43274 X-Patchwork-Delegate: pablo.de.lara.guarch@intel.com Return-Path: X-Original-To: patchwork@dpdk.org Delivered-To: patchwork@dpdk.org Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id C2899325F; Mon, 23 Jul 2018 16:46:43 +0200 (CEST) Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-dm3nam03on0051.outbound.protection.outlook.com [104.47.41.51]) by dpdk.org (Postfix) with ESMTP id A52C83238 for ; Mon, 23 Jul 2018 16:46:42 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3iWtd1P8JJ/vyxm+gy3fxfnvNOzTYk8/PNqM5rkNK00=; b=n3gYNNju6qAHGYHvA+P3hZaz9pRqgbloCQwgNwDbuFGyWwKU/jGcxhftvwrgez27yOem1izKtCgH7J3Ur17JX2+NouJrnFGD6HbphftJiqD/dsnb3igqmlDHDISSEwzJkj3Z0fKiz9pcASBa9gCF0rkWNkiLNFeORXIJ37iB8OY= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Shally.Verma@cavium.com; Received: from hyd1sverma-dt.caveonetworks.com (115.113.156.2) by DM5PR0701MB3640.namprd07.prod.outlook.com (2603:10b6:4:7e::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.973.20; Mon, 23 Jul 2018 14:46:37 +0000 
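Review bot: in compat.h, the pre-1.1.0 macros use the RSA struct member names as macro parameter names, so `rsa->p = p` expands correctly only when the caller's variable is literally named `p`; with any other argument name the member access itself is rewritten (a call passing `prime1` would expand to `rsa->prime1 = prime1`). The call sites in rte_openssl_pmd_ops.c happen to use matching names, which hides the problem. Rename the parameters so they cannot collide with members (for example `_p`, `_q`, `_n`), or make the three helpers static inline functions. The include guard reads `__RTA_COMPAT_H__`; please confirm RTA rather than RTE is intended.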
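Review bot: in get_session() in rte_openssl_pmd.c, the sessionless asymmetric branch does `return NULL` without touching `op->status`, while the session-based asymmetric branch sets RTE_CRYPTO_OP_STATUS_INVALID_SESSION when it has no session. openssl_pmd_enqueue_burst() then takes `goto enqueue_err` on the NULL, so the caller gets the op back with whatever status it had before. Set an explicit status (INVALID_SESSION or INVALID_ARGS) before returning NULL here. Now that the function returns `void *` for two unrelated session structs, a short comment on which struct is returned for which `op->type` would also help, since the only thing keeping the casts in enqueue_burst correct is that both places test the same field.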
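Review bot: in process_openssl_rsa_op(), the RTE_CRYPTO_ASYM_OP_VERIFY case never compares the length returned by RSA_public_decrypt() with `op->rsa.message.length`; it runs `memcmp(op->rsa.sign.data, op->rsa.message.data, op->rsa.message.length)` unconditionally, so a recovered value that merely begins with the message compares equal, and a zero message length always compares equal. Check `ret` first, require `ret == op->rsa.message.length`, and only then compare. On mismatch the function returns -1 with the status still NOT_PROCESSED, and no path in this function ever sets RTE_CRYPTO_OP_STATUS_SUCCESS, so successful RSA ops are completed as NOT_PROCESSED; both need an explicit status. The in-place decrypt also overwrites the caller's signature buffer. In the same hunk, process_openssl_modinv_op() and process_openssl_modexp_op() pass BIGNUMs obtained from BN_CTX_get() to BN_free(), but those belong to the context and are released by BN_CTX_end(); each op also takes two more temporaries from the session context with no BN_CTX_start()/BN_CTX_end() pair around them, the BN_bin2bn() result is not checked, and BN_bn2bin() writes the result into `op->modinv.base.data` with no check that the buffer can hold a value as long as the modulus. The modexp path reads and writes `op->modinv.base` rather than its own operand.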
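Review bot: in the RSA entry added to openssl_pmd_capabilities, `.min = 30` carries only the comment "min length is based on openssl rsa keygen" and does not say which unit modlen is in. If it is bytes, the PMD advertises support for 240-bit RSA moduli. Please state the unit in the comment and say where the value 30 comes from, so applications reading the capability can apply their own minimum key size.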
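Review bot: in openssl_set_asym_session_parameters(), the MODEX and MODINV cases store the results of BN_bin2bn() into the session without checking them for NULL, so a failed conversion leaves `u.e.mod`, `u.e.exp` or `u.m.modulus` NULL and the failure only surfaces later in the data path; check each result and on failure call BN_CTX_end()/BN_CTX_free() and return -1, as the BN_CTX_get() failure branch just above already does. In the RSA case the err_rsa path releases `d`, `p`, `q`, `dmp1`, `dmq1` and `iqmp` with BN_free(), which leaves private key material in freed memory; BN_clear_free() fits the stated goal of the session clear function. The `set_rsa_keys` failure branch returns -1 directly and skips the cleanup of `n`, `e` and `d`. The chained-xform error message indexes `rte_crypto_asym_xform_strings[xform->xform_type]` before the type has been validated by the switch. In openssl_pmd_asym_session_configure(), `dev` is marked `__rte_unused` but `dev->driver_id` is used, and the mempool failure is logged with CDEV_LOG_ERR while the rest of the function uses OPENSSL_LOG.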
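Review bot: in rte_openssl_pmd_private.h, the tags `struct rsa`, `struct exp` and `struct mod` declared inside the union of struct openssl_asym_session are visible at file scope in C, so every file that includes this header gets three very generic struct tags. Make the members anonymous structs or give the tags an `openssl_` prefix. The one-letter member names `r`, `e` and `m` also make call sites such as `sess->u.e.exp` and `sess->u.m.modulus` hard to read; a comment per member naming the xform type it serves would help.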
From: Shally Verma
To: pablo.de.lara.guarch@intel.com
Cc: dev@dpdk.org, pathreya@caviumnetworks.com, nmurthy@caviumnetworks.com, Sunila Sahu, Ashish Gupta
Date: Mon, 23 Jul 2018 20:16:04 +0530
Message-Id: <1532357165-8575-3-git-send-email-shally.verma@caviumnetworks.com>
In-Reply-To: <1532357165-8575-1-git-send-email-shally.verma@caviumnetworks.com>
References: <1532357165-8575-1-git-send-email-shally.verma@caviumnetworks.com>
9b9TOPpJdsxvL5UOgOOLaLpTBnV2WiwK//SxMLlm8Lsfje1QcHdw8Nz4tjxJDS3RrUzL1vL1p//Dm7igxn0Edv+lT43/z44Nr22FepOpCwXKybpKMVdKDZWCbVuVtckqa9IXEOXdZB2U12rSRi7K/3V5C2Abc95JH+oJUMV61EOzm8HrhJyyzekRNyC6xIcVcUAYAU2QN7ntjhbokoOvXxCU+ZtTD+iNy07dHA5d9UIa5prrMV2Il8qdGPJ+H2oZa/lg8QFFwyTJRGNVJH8kqBhr0P1Dqb/z4FZa6TAzizH2Ju1mJw= X-Microsoft-Antispam-Message-Info: KiPL11ka9UBYrr4wwjkfsSgJNPCmW5s0OEvCf5+CPSup8G5K4QPKBXRiG9oxjcjHFZDTigEPJzrbURmTP7htL9IIRvB0Dj7iZ/+rAu/tn39nva1jjgM/amOUU3inGDvqEPq7Vp/2Enuynhi7ugw1chdHv0oU7Gtte0p6PfB4bxVyQ8YfH/pdI4DS5pzaHZeeZtWRUEhnKniNMX2TjCpOAgQBQsb5tUagRLKlE8LaaLKJJD01XOdhUb6KKpspGtj2OiLAgBlBmUC2b297UClJ1UrhhnDYDSqHoFC3J8FbRVfeq2n4plWcS2PJJue+exvAOxJrv1VEM9sP1NM+kfjH1yg50tJsymTWGpjZ5+pIAa4= X-Microsoft-Exchange-Diagnostics: 1; DM5PR0701MB3640; 6:/7j9OVmu3L1MY4ha8rl98iEHr8dlPd1lgnMLYM6ANy2acjz9I0Fw8k/dq+B/+RXMzVeE7BMSGH3aIYiVgEoX8eawA07zuEFS4F/EwZcbG+zDqp8DGw+Rl3txoNcS/jWg/r61PncEFJ3Kaywjk+ifI5konO7Endidrv3Ft2vR1Spos3cCR+NdzoOPSfBtj8/s/pcZZNLgswMOky7VBbL1sP0juIAi9dgsvFLpyEwhD+GZfNkbC/hLgnu6qYqSFDg5m9JstfqDlcChHHAzoAo7vVdsGjbAKMWb+fcN0W/8VZBZ2SW38AXTGCjrlfQG/5+BOz6awEkmT5QeyP+IdeaHehy8JMBLed/MHjSp1W7DkI3KRqAr9919BSkaYAItH92iM6vk3inZEK92r0PlkgXYsQTcvyY+x2dgLlTEBvyvT6LzNI0grU6aCSGDRYXQikYhBzotBe9PpPGXYHtYVbK8bQ==; 5:tagmxTQ8iWBMiPYdnxPfjjXet2YZxHGN6lGxxAW0kwNQ44DTsGm6Vikl8cZP2LQkrKtmkSb1KbImVX2T62U4UQPCH/ZO53JaYETCjxSZ0ahSIUdwb84ll2EZtMBsayGPlX5wuejqjvcesI0zYzsW6Ohy8djdmkj/FoE8hMO2VNM=; 7:x6Rwsmdj+JC0bfpGOoAx515eRDhafgL8fLsFAbIgp2IyP8sGteCSx/s0R1iHSxLG+kYj0EA3eNsg80Ykj+Sz21k6cEnqRViNyUoygQX/iAoxnMJi54bBekrZMy0KIeT/DgAGUjIGMzlBzAd5zYyMJWYbl/Cz5MoFW84WdAigL/iiGgeWErRmApCh1wXrnA75KenrkDuBxLHErEpEdc9CTwPDsyE/3rbBuAlD8AQKfXCtrzTKKsQdP17kZvmXo01i SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Jul 2018 14:46:37.9027 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: bc258282-c52b-41da-70be-08d5f0ab197c X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted 
X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR0701MB3640 Subject: [dpdk-dev] [PATCH v5 2/3] crypto/openssl: add dh and dsa asym op X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Sunila Sahu - Add dh key generation and shared compute - Add dsa sign and verify operation Signed-off-by: Sunila Sahu Signed-off-by: Shally Verma Signed-off-by: Ashish Gupta --- drivers/crypto/openssl/compat.h | 68 +++++++ drivers/crypto/openssl/rte_openssl_pmd.c | 237 +++++++++++++++++++++++ drivers/crypto/openssl/rte_openssl_pmd_ops.c | 194 ++++++++++++++++++- drivers/crypto/openssl/rte_openssl_pmd_private.h | 9 + 4 files changed, 507 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/openssl/compat.h b/drivers/crypto/openssl/compat.h index 8ece808..45f9a33 100644 --- a/drivers/crypto/openssl/compat.h +++ b/drivers/crypto/openssl/compat.h 
@@ -23,6 +23,41 @@ rsa->n = n; rsa->e = e; rsa->d = d; ret = 0; \ } while (0) +#define set_dh_params(dh, p, g, ret) \ + do { \ + dh->p = p; \ + dh->q = NULL; \ + dh->g = g; \ + ret = 0; \ + } while (0) + +#define set_dh_priv_key(dh, priv_key, ret) \ + do { dh->priv_key = priv_key; ret = 0; } while (0) + +#define set_dsa_params(dsa, p, q, g, ret) \ + do { dsa->p = p; dsa->q = q; dsa->g = g; ret = 0; } while (0) + +#define get_dh_pub_key(dh, pub_key) \ + (pub_key = dh->pub_key) + +#define get_dh_priv_key(dh, priv_key) \ + (priv_key = dh->priv_key) + +#define set_dsa_sign(sign, r, s) \ + do { sign->r = r; sign->s = s; } while (0) + +#define get_dsa_sign(sign, r, s) \ + do { r = sign->r; s = sign->s; } while (0) + +#define set_dsa_keys(dsa, pub, priv, ret) \ + do { dsa->pub_key = pub; dsa->priv_key = priv; ret = 0; } while (0) + +#define set_dsa_pub_key(dsa, pub_key) \ + (dsa->pub_key = pub_key) + +#define get_dsa_priv_key(dsa, priv_key) \ + (priv_key = dsa->priv_key) + #else #define set_rsa_params(rsa, p, q, ret) \ 
@@ -35,6 +70,39 @@ #define set_rsa_keys(rsa, n, e, d, ret) \ (ret = !RSA_set0_key(rsa, n, e, d)) +#define set_dh_params(dh, p, g, ret) \ + (ret = !DH_set0_pqg(dh, p, NULL, g)) + +#define set_dh_priv_key(dh, priv_key, ret) \ + (ret = !DH_set0_key(dh, NULL, priv_key)) + +#define get_dh_pub_key(dh, pub_key) \ + (DH_get0_key(dh_key, &pub_key, NULL)) + +#define get_dh_priv_key(dh, priv_key) \ + (DH_get0_key(dh_key, NULL, &priv_key)) + +#define set_dsa_params(dsa, p, q, g, ret) \ + (ret = !DSA_set0_pqg(dsa, p, q, g)) + +#define set_dsa_priv_key(dsa, priv_key) \ + (DSA_set0_key(dsa, NULL, priv_key)) + +#define set_dsa_sign(sign, r, s) \ + (DSA_SIG_set0(sign, r, s)) + +#define get_dsa_sign(sign, r, s) \ + (DSA_SIG_get0(sign, &r, &s)) + +#define set_dsa_keys(dsa, pub, priv, ret) \ + (ret = !DSA_set0_key(dsa, pub, priv)) + +#define set_dsa_pub_key(dsa, pub_key) \ + (DSA_set0_key(dsa, pub_key, NULL)) + +#define get_dsa_priv_key(dsa, priv_key) \ + (DSA_get0_key(dsa, NULL, &priv_key)) + #endif /* version < 10100000 */ #endif /* __RTA_COMPAT_H__ */ diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 9d18e67..dd095a8 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c 
@@ -1546,6 +1546,230 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op, op->status = RTE_CRYPTO_OP_STATUS_ERROR; } +/* process dsa sign operation */ +static int +process_openssl_dsa_sign_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_dsa_op_param *op = &cop->asym->dsa; + DSA *dsa = sess->u.s.dsa; + DSA_SIG *sign = NULL; + + sign = DSA_do_sign(op->message.data, + op->message.length, + dsa); + + if (sign == NULL) { + OPENSSL_LOG(ERR, "%s:%d\n", __func__, __LINE__); + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + } else { + const BIGNUM *r = NULL, *s = NULL; + get_dsa_sign(sign, r, s); + + op->r.length = BN_bn2bin(r, op->r.data); + op->s.length = BN_bn2bin(s, op->s.data); + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + } + + DSA_SIG_free(sign); + + return 0; +} + +/* process dsa verify operation */ +static int +process_openssl_dsa_verify_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_dsa_op_param *op = &cop->asym->dsa; + DSA *dsa = sess->u.s.dsa; + int ret; + DSA_SIG *sign = DSA_SIG_new(); + BIGNUM *r = NULL, *s = NULL; + BIGNUM *pub_key = NULL; + + if (sign == NULL) { + OPENSSL_LOG(ERR, " %s:%d\n", __func__, __LINE__); + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + + r = BN_bin2bn(op->r.data, + op->r.length, + r); + s = BN_bin2bn(op->s.data, + op->s.length, + s); + pub_key = BN_bin2bn(op->y.data, + op->y.length, + pub_key); + if (!r || !s || !pub_key) { + if (r) + BN_free(r); + if (s) + BN_free(s); + if (pub_key) + BN_free(pub_key); + + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + set_dsa_sign(sign, r, s); + set_dsa_pub_key(dsa, pub_key); + + ret = DSA_do_verify(op->message.data, + op->message.length, + sign, + dsa); + + if (ret != 1) + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + else + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + + DSA_SIG_free(sign); + + return 0; +} + +/* process dh operation */ +static int 
+process_openssl_dh_op(struct rte_crypto_op *cop, + struct openssl_asym_session *sess) +{ + struct rte_crypto_dh_op_param *op = &cop->asym->dh; + DH *dh_key = sess->u.dh.dh_key; + BIGNUM *priv_key = NULL; + int ret = 0; + + if (sess->u.dh.key_op & + (1 << RTE_CRYPTO_ASYM_OP_SHARED_SECRET_COMPUTE)) { + /* compute shared secret using peer public key + * and current private key + * shared secret = peer_key ^ priv_key mod p + */ + BIGNUM *peer_key = NULL; + + /* copy private key and peer key and compute shared secret */ + peer_key = BN_bin2bn(op->pub_key.data, + op->pub_key.length, + peer_key); + if (peer_key == NULL) { + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + priv_key = BN_bin2bn(op->priv_key.data, + op->priv_key.length, + priv_key); + if (priv_key == NULL) { + BN_free(peer_key); + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + set_dh_priv_key(dh_key, priv_key, ret); + if (ret) { + OPENSSL_LOG(ERR, "Failed to set private key\n"); + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + BN_free(peer_key); + BN_free(priv_key); + return 0; + } + + ret = DH_compute_key( + op->shared_secret.data, + peer_key, dh_key); + if (ret < 0) { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + BN_free(peer_key); + /* priv key is already loaded into dh, + * let's not free that directly here. + * DH_free() will auto free it later. + */ + return 0; + } + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + op->shared_secret.length = ret; + BN_free(peer_key); + return 0; + } + + /* + * other options are public and private key generations. 
+ * + * if user provides private key, + * then first set DH with user provided private key + */ + if ((sess->u.dh.key_op & + (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) && + !(sess->u.dh.key_op & + (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE))) { + /* generate public key using user-provided private key + * pub_key = g ^ priv_key mod p + */ + + /* load private key into DH */ + priv_key = BN_bin2bn(op->priv_key.data, + op->priv_key.length, + priv_key); + if (priv_key == NULL) { + cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; + return -1; + } + set_dh_priv_key(dh_key, priv_key, ret); + if (ret) { + OPENSSL_LOG(ERR, "Failed to set private key\n"); + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + BN_free(priv_key); + return 0; + } + } + + /* generate public and private key pair. + * + * if private key already set, generates only public key. + * + * if private key is not already set, then set it to random value + * and update internal private key. + */ + if (!DH_generate_key(dh_key)) { + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + return 0; + } + + if (sess->u.dh.key_op & (1 << RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE)) { + const BIGNUM *pub_key = NULL; + + OPENSSL_LOG(DEBUG, "%s:%d update public key\n", + __func__, __LINE__); + + /* get the generated keys */ + get_dh_pub_key(dh_key, pub_key); + + /* output public key */ + op->pub_key.length = BN_bn2bin(pub_key, + op->pub_key.data); + } + + if (sess->u.dh.key_op & + (1 << RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE)) { + const BIGNUM *priv_key = NULL; + + OPENSSL_LOG(DEBUG, "%s:%d updated priv key\n", + __func__, __LINE__); + + /* get the generated keys */ + get_dh_priv_key(dh_key, priv_key); + + /* provide generated private key back to user */ + op->priv_key.length = BN_bn2bin(priv_key, + op->priv_key.data); + } + + cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; + + return 0; +} + /* process modinv operation */ static int process_openssl_modinv_op(struct rte_crypto_op *cop, struct openssl_asym_session *sess) 
@@ -1718,6 +1942,19 @@ process_asym_op(struct openssl_qp *qp, struct rte_crypto_op *op, case RTE_CRYPTO_ASYM_XFORM_MODINV: retval = process_openssl_modinv_op(op, sess); break; + case RTE_CRYPTO_ASYM_XFORM_DH: + retval = process_openssl_dh_op(op, sess); + break; + case RTE_CRYPTO_ASYM_XFORM_DSA: + if (op->asym->dsa.op_type == RTE_CRYPTO_ASYM_OP_SIGN) + retval = process_openssl_dsa_sign_op(op, sess); + else if (op->asym->dsa.op_type == + RTE_CRYPTO_ASYM_OP_VERIFY) + retval = + process_openssl_dsa_verify_op(op, sess); + else + op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; + break; default: op->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS; break; diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index bbc203e..de22843 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -527,6 +527,48 @@ static const struct rte_cryptodev_capabilities openssl_pmd_capabilities[] = { }, } }, + { /* dh */ + .op = RTE_CRYPTO_OP_TYPE_ASYMMETRIC, + {.asym = { + .xform_capa = { + .xform_type = RTE_CRYPTO_ASYM_XFORM_DH, + .op_types = + ((1<next != NULL) { + if ((xform->xform_type != RTE_CRYPTO_ASYM_XFORM_DH) && + (xform->next != NULL)) { OPENSSL_LOG(ERR, "chained xfrms are not supported on %s", rte_crypto_asym_xform_strings[xform->xform_type]); return -1; 
@@ -940,6 +983,147 @@ static int openssl_set_asym_session_parameters( asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_MODINV; break; } + case RTE_CRYPTO_ASYM_XFORM_DH: + { + BIGNUM *p = NULL; + BIGNUM *g = NULL; + + p = BN_bin2bn((const unsigned char *) + xform->dh.p.data, + xform->dh.p.length, + p); + g = BN_bin2bn((const unsigned char *) + xform->dh.g.data, + xform->dh.g.length, + g); + if (!p || !g) + goto err_dh; + + DH *dh = DH_new(); + if (dh == NULL) { + OPENSSL_LOG(ERR, + "failed to allocate resources\n"); + goto err_dh; + } + set_dh_params(dh, p, g, ret); + if (ret) { + DH_free(dh); + goto err_dh; + } + + /* + * setup xfrom for + * public key generate, or + * DH Priv key generate, or both + * public and private key generate + */ + asym_session->u.dh.key_op = (1 << xform->dh.type); + + if (xform->dh.type == + RTE_CRYPTO_ASYM_OP_PRIVATE_KEY_GENERATE) { + /* check if next is pubkey */ + if ((xform->next != NULL) && + (xform->next->xform_type == + RTE_CRYPTO_ASYM_XFORM_DH) && + (xform->next->dh.type == + RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE) + ) { + /* + * setup op as pub/priv key + * pair generationi + */ + asym_session->u.dh.key_op |= + (1 << + RTE_CRYPTO_ASYM_OP_PUBLIC_KEY_GENERATE); + } + } + asym_session->u.dh.dh_key = dh; + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DH; + break; + +err_dh: + OPENSSL_LOG(ERR, " failed to set dh params\n"); + if (p) + BN_free(p); + if (g) + BN_free(g); + return -1; + } + case RTE_CRYPTO_ASYM_XFORM_DSA: + { + BIGNUM *p = NULL, *g = NULL; + BIGNUM *q = NULL, *priv_key = NULL; + BIGNUM *pub_key = BN_new(); + BN_zero(pub_key); + + p = BN_bin2bn((const unsigned char *) + xform->dsa.p.data, + xform->dsa.p.length, + p); + + g = BN_bin2bn((const unsigned char *) + xform->dsa.g.data, + xform->dsa.g.length, + g); + + q = BN_bin2bn((const unsigned char *) + xform->dsa.q.data, + xform->dsa.q.length, + q); + if (!p || !q || !g) + goto err_dsa; + + priv_key = BN_bin2bn((const unsigned char *) + xform->dsa.x.data, + 
xform->dsa.x.length, + priv_key); + if (priv_key == NULL) + goto err_dsa; + + DSA *dsa = DSA_new(); + if (dsa == NULL) { + OPENSSL_LOG(ERR, + " failed to allocate resources\n"); + goto err_dsa; + } + + set_dsa_params(dsa, p, q, g, ret); + if (ret) { + DSA_free(dsa); + OPENSSL_LOG(ERR, "Failed to dsa params\n"); + goto err_dsa; + } + + /* + * openssl 1.1.0 mandate that public key can't be + * NULL in very first call. so set a dummy pub key. + * to keep consistency, lets follow same approach for + * both versions + */ + /* just set dummy public for very 1st call */ + set_dsa_keys(dsa, pub_key, priv_key, ret); + if (ret) { + DSA_free(dsa); + OPENSSL_LOG(ERR, "Failed to set keys\n"); + return -1; + } + asym_session->u.s.dsa = dsa; + asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA; + break; + +err_dsa: + if (p) + BN_free(p); + if (q) + BN_free(q); + if (g) + BN_free(g); + if (priv_key) + BN_free(priv_key); + if (pub_key) + BN_free(pub_key); + return -1; + } default: return -1; } @@ -1021,6 +1205,14 @@ static void openssl_reset_asym_session(struct openssl_asym_session *sess) BN_CTX_free(sess->u.m.ctx); } break; + case RTE_CRYPTO_ASYM_XFORM_DH: + if (sess->u.dh.dh_key) + DH_free(sess->u.dh.dh_key); + break; + case RTE_CRYPTO_ASYM_XFORM_DSA: + if (sess->u.s.dsa) + DSA_free(sess->u.s.dsa); + break; default: break; } diff --git a/drivers/crypto/openssl/rte_openssl_pmd_private.h b/drivers/crypto/openssl/rte_openssl_pmd_private.h index 0ebe596..a8f2c84 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_private.h +++ b/drivers/crypto/openssl/rte_openssl_pmd_private.h @@ -9,6 +9,8 @@ #include #include #include +#include +#include #define CRYPTODEV_NAME_OPENSSL_PMD crypto_openssl /**< Open SSL Crypto PMD device name */ 
@@ -159,6 +161,13 @@ struct openssl_asym_session { BIGNUM *modulus; BN_CTX *ctx; } m; + struct dh { + DH *dh_key; + uint32_t key_op; + } dh; + struct { + DSA *dsa; + } s; } u; } __rte_cache_aligned; /** Set and validate OPENSSL crypto session parameters */ 
From patchwork Mon Jul 23 14:46:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shally Verma X-Patchwork-Id: 43275 X-Patchwork-Delegate: pablo.de.lara.guarch@intel.com
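Review bot: In the first compat.h hunk of patch 2/3 (the branch for OpenSSL older than 1.1.0), set_dsa_pub_key is a bare pointer assignment, `(dsa->pub_key = pub_key)`, so the BIGNUM already held by the DSA object is overwritten without being freed. process_openssl_dsa_verify_op calls this macro on every verify, and session setup installs a dummy public key first, so each verify on this branch leaks the previous key, whereas DSA_set0_key in the 1.1.0 branch releases it. Suggest freeing the old dsa->pub_key in the macro before assigning. This branch also has no set_dsa_priv_key, which the 1.1.0 branch defines; keep the two macro sets identical or drop the unused one.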
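Review bot: In the second compat.h hunk of patch 2/3 (the 1.1.0 branch), get_dh_pub_key and get_dh_priv_key ignore their dh parameter and expand to DH_get0_key(dh_key, ...), so they compile only where the caller happens to have a local variable named dh_key. Use the macro argument, for example `(DH_get0_key(dh, &pub_key, NULL))`. In the same hunk set_dsa_sign, set_dsa_pub_key and set_dsa_priv_key discard the int result of DSA_SIG_set0 and DSA_set0_key, unlike the set_* macros beside them that report it through ret; on failure ownership of the BIGNUMs stays with the caller, which then cannot tell whether it has to free them.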
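Review bot: In the rte_openssl_pmd.c hunk at @@ -1546 of patch 2/3, the early return in process_openssl_dsa_verify_op taken when `!r || !s || !pub_key` frees the three BIGNUMs but not sign, which was allocated by DSA_SIG_new() at the top of the function; add DSA_SIG_free(sign) on that path. Separately, nothing in this hunk checks the space behind the caller's output pointers before writing: BN_bn2bin() into op->r.data, op->s.data, op->pub_key.data and op->priv_key.data, and DH_compute_key() into op->shared_secret.data, write as many bytes as the value needs, so compare BN_num_bytes() or DH_size(dh_key) with the space the application provided first, or document the minimum size it must supply. In process_openssl_dh_op the failure paths release the private key with BN_free(priv_key); BN_clear_free() would wipe the secret before the memory is returned. The function also mixes return -1 and return 0 for failed operations, and the inner `const BIGNUM *priv_key` shadows the outer priv_key.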
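Review bot: In the rte_openssl_pmd_ops.c hunk at @@ -940 of patch 2/3, the RTE_CRYPTO_ASYM_XFORM_DSA case passes the result of BN_new() straight to BN_zero(pub_key) with no NULL check, so an allocation failure is dereferenced; check it and go to err_dsa. When set_dsa_keys fails the code calls DSA_free(dsa) and returns -1 directly, so pub_key and priv_key, which the DSA object did not take, are leaked; that path needs to free them without touching p, q and g, which dsa already owns. err_dsa releases the private key x with BN_free(priv_key); use BN_clear_free() so the secret is wiped. In the DH case, key_op is built as `(1 << xform->dh.type)` without checking that dh.type is one of the key-generate or shared-secret values that process_openssl_dh_op tests for.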
From: Shally Verma
To: pablo.de.lara.guarch@intel.com
Cc: dev@dpdk.org, pathreya@caviumnetworks.com, nmurthy@caviumnetworks.com, Ashish Gupta, Sunila Sahu
Date: Mon, 23 Jul 2018 20:16:05 +0530
Message-Id: <1532357165-8575-4-git-send-email-shally.verma@caviumnetworks.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1532357165-8575-1-git-send-email-shally.verma@caviumnetworks.com>
References: <1532357165-8575-1-git-send-email-shally.verma@caviumnetworks.com>
MIME-Version: 1.0
Subject: [dpdk-dev] [PATCH v5 3/3] doc: add asym feature list

From: Ashish Gupta

Signed-off-by: Sunila Sahu
Signed-off-by: Shally Verma
Signed-off-by: Ashish Gupta
--- doc/guides/cryptodevs/features/openssl.ini | 11 +++++++++++ doc/guides/cryptodevs/openssl.rst | 1 + 2 files changed, 12 insertions(+) diff --git a/doc/guides/cryptodevs/features/openssl.ini b/doc/guides/cryptodevs/features/openssl.ini index 626ec1b..b9c0bdc 100644 --- a/doc/guides/cryptodevs/features/openssl.ini +++ b/doc/guides/cryptodevs/features/openssl.ini @@ -8,6 +8,7 @@ Symmetric crypto = Y Sym operation chaining = Y OOP SGL In LB Out = Y OOP LB In LB Out = Y +Asymmetric crypto = Y ; ; Supported crypto algorithms of the 'openssl' crypto driver. @@ -50,3 +51,13 @@ AES GCM (256) = Y AES CCM (128) = Y AES CCM (192) = Y AES CCM (256) = Y + +; +; Supported Asymmetric algorithms of the 'openssl' crypto driver. +; +[Asymmetric] +RSA = Y +DSA = Y +Modular Exponentiation = Y +Modular Inversion = Y +Diffie-hellman = Y diff --git a/doc/guides/cryptodevs/openssl.rst b/doc/guides/cryptodevs/openssl.rst index 427fc80..bdc30f6 100644 --- a/doc/guides/cryptodevs/openssl.rst +++ b/doc/guides/cryptodevs/openssl.rst @@ -80,6 +80,7 @@ crypto processing. Test name is cryptodev_openssl_autotest. For performance test cryptodev_openssl_perftest can be used. +For asymmetric crypto operations testing, run cryptodev_openssl_asym_autotest. To verify real traffic l2fwd-crypto example can be used with this command:
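Review bot: In the new [Asymmetric] section added to openssl.ini by patch 3/3, the entry `Diffie-hellman = Y` lowercases the second half of the name while the other entries in the section capitalise each word; spell it consistently (Diffie-Hellman) and make sure it matches the key the feature matrix is generated from. The patch also has no commit message body; one line saying that the asymmetric feature list and the cryptodev_openssl_asym_autotest test name are being documented would help.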