> -----Original Message-----
> From: Gowrishankar Muthukrishnan <gmuthukri...@marvell.com>
> Sent: Wednesday, May 17, 2023 6:53 PM
> To: dev@dpdk.org
> Cc: ano...@marvell.com; Akhil Goyal <gak...@marvell.com>; Fan Zhang
> <fanzhang....@gmail.com>; Ankur Dwivedi <adwiv...@marvell.com>; Tejasree
> Kondoj <ktejas...@marvell.com>; Ji, Kai <kai...@intel.com>; Dooley, Brian
> <brian.doo...@intel.com>; Gowrishankar Muthukrishnan
> <gmuthukri...@marvell.com>
> Subject: [PATCH] lib/cryptodev: move RSA padding information into xform
>
> RSA padding information could be a xform entity rather than part of crypto op,
> as it seems associated with hashing algorithm used for the entire crypto
> session,
> where this algorithm is used in message digest itself. Even in virtIO standard
> spec, this info is associated in the asymmetric session creation. Hence,
> moving
> this info from crypto op into xform structure.
With the current approach in with-session mode, we set the key in the PMD only
once and use it in different configurations.
In the case where padding is a session parameter, we need to have a session for
all padding variations, duplicating the private key occurrences in memory for
this reason only.
>
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukri...@marvell.com>
> ---
> app/test/test_cryptodev_asym.c | 6 +--
> app/test/test_cryptodev_rsa_test_vectors.h | 2 +
> drivers/common/cpt/cpt_ucode_asym.h | 4 +-
> drivers/crypto/cnxk/cnxk_ae.h | 13 +++--
> drivers/crypto/octeontx/otx_cryptodev_ops.c | 4 +-
> drivers/crypto/openssl/openssl_pmd_private.h | 1 +
> drivers/crypto/openssl/rte_openssl_pmd.c | 4 +-
> drivers/crypto/openssl/rte_openssl_pmd_ops.c | 1 +
> drivers/crypto/qat/qat_asym.c | 17 ++++---
> examples/fips_validation/main.c | 52 +++++++++++---------
> lib/cryptodev/rte_crypto_asym.h | 6 +--
> 11 files changed, 59 insertions(+), 51 deletions(-)
>
> diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
> index bb4c70deba..1c5114581c 100644
> --- a/app/test/test_cryptodev_asym.c
> +++ b/app/test/test_cryptodev_asym.c
> @@ -92,7 +92,6 @@ queue_ops_rsa_sign_verify(void *sess)
> asym_op->rsa.message.length = rsaplaintext.len;
> asym_op->rsa.sign.length = RTE_DIM(rsa_n);
> asym_op->rsa.sign.data = output_buf;
> - asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
>
> debug_hexdump(stdout, "message", asym_op->rsa.message.data,
> asym_op->rsa.message.length);
> @@ -124,7 +123,6 @@ queue_ops_rsa_sign_verify(void *sess)
>
> /* Verify sign */
> asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_VERIFY;
> - asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
>
> /* Process crypto operation */
> if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -183,7
> +181,6 @@ queue_ops_rsa_enc_dec(void *sess)
> asym_op->rsa.cipher.data = cipher_buf;
> asym_op->rsa.cipher.length = RTE_DIM(rsa_n);
> asym_op->rsa.message.length = rsaplaintext.len;
> - asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
>
> debug_hexdump(stdout, "message", asym_op->rsa.message.data,
> asym_op->rsa.message.length);
> @@ -215,7 +212,6 @@ queue_ops_rsa_enc_dec(void *sess)
> asym_op = result_op->asym;
> asym_op->rsa.message.length = RTE_DIM(rsa_n);
> asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
> - asym_op->rsa.padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5;
>
> /* Process crypto operation */
> if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { @@ -412,7
> +408,7 @@ test_cryptodev_asym_op(struct crypto_testsuite_params_asym
> *ts_params,
> }
>
> xform_tc.rsa.key_type = key_type;
> - op->asym->rsa.padding.type = data_tc->rsa_data.padding;
> + xform_tc.rsa.padding.type = data_tc->rsa_data.padding;
>
> if (op->asym->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_ENCRYPT) {
> asym_op->rsa.message.data = data_tc-
> >rsa_data.pt.data; diff --git a/app/test/test_cryptodev_rsa_test_vectors.h
> b/app/test/test_cryptodev_rsa_test_vectors.h
> index 04539a1ecf..1e05525d4d 100644
> --- a/app/test/test_cryptodev_rsa_test_vectors.h
> +++ b/app/test/test_cryptodev_rsa_test_vectors.h
> @@ -349,6 +349,7 @@ struct rte_crypto_asym_xform rsa_xform = {
> .next = NULL,
> .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> .rsa = {
> + .padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
> .n = {
> .data = rsa_n,
> .length = sizeof(rsa_n)
> @@ -370,6 +371,7 @@ struct rte_crypto_asym_xform rsa_xform_crt = {
> .next = NULL,
> .xform_type = RTE_CRYPTO_ASYM_XFORM_RSA,
> .rsa = {
> + .padding.type = RTE_CRYPTO_RSA_PADDING_PKCS1_5,
> .n = {
> .data = rsa_n,
> .length = sizeof(rsa_n)
> diff --git a/drivers/common/cpt/cpt_ucode_asym.h
> b/drivers/common/cpt/cpt_ucode_asym.h
> index 1105a0c125..42ab0edeea 100644
> --- a/drivers/common/cpt/cpt_ucode_asym.h
> +++ b/drivers/common/cpt/cpt_ucode_asym.h
> @@ -327,7 +327,7 @@ cpt_rsa_prep(struct asym_op_params *rsa_params,
> /* Result buffer */
> rlen = mod_len;
>
> - if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
> + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
> /* Use mod_exp operation for no_padding type */
> vq_cmd_w0.s.opcode.minor = CPT_MINOR_OP_MODEX;
> vq_cmd_w0.s.param2 = exp_len;
> @@ -412,7 +412,7 @@ cpt_rsa_crt_prep(struct asym_op_params *rsa_params,
> /* Result buffer */
> rlen = mod_len;
>
> - if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
> + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
> /*Use mod_exp operation for no_padding type */
> vq_cmd_w0.s.opcode.minor = CPT_MINOR_OP_MODEX_CRT;
> } else {
> diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
> index 47f000dd5e..106d38c3bb 100644
> --- a/drivers/crypto/cnxk/cnxk_ae.h
> +++ b/drivers/crypto/cnxk/cnxk_ae.h
> @@ -168,6 +168,9 @@ cnxk_ae_fill_rsa_params(struct cnxk_ae_sess *sess,
> rsa->n.length = mod_len;
> rsa->e.length = exp_len;
>
> + /* Set padding info */
> + rsa->padding.type = xform->rsa.padding.type;
> +
> return 0;
> }
>
> @@ -328,7 +331,7 @@ cnxk_ae_rsa_prep(struct rte_crypto_op *op, struct
> roc_ae_buf_ptr *meta_buf,
> dptr += in_size;
> dlen = total_key_len + in_size;
>
> - if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
> + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
> /* Use mod_exp operation for no_padding type */
> w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX;
> w4.s.param2 = exp_len;
> @@ -383,7 +386,7 @@ cnxk_ae_rsa_exp_prep(struct rte_crypto_op *op, struct
> roc_ae_buf_ptr *meta_buf,
> dptr += in_size;
> dlen = mod_len + privkey_len + in_size;
>
> - if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
> + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
> /* Use mod_exp operation for no_padding type */
> w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX;
> w4.s.param2 = privkey_len;
> @@ -441,7 +444,7 @@ cnxk_ae_rsa_crt_prep(struct rte_crypto_op *op, struct
> roc_ae_buf_ptr *meta_buf,
> dptr += in_size;
> dlen = total_key_len + in_size;
>
> - if (rsa_op.padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
> + if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
> /*Use mod_exp operation for no_padding type */
> w4.s.opcode_minor = ROC_AE_MINOR_OP_MODEX_CRT;
> } else {
> @@ -836,7 +839,7 @@ cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop,
> uint8_t *rptr,
> memcpy(rsa->cipher.data, rptr, rsa->cipher.length);
> break;
> case RTE_CRYPTO_ASYM_OP_DECRYPT:
> - if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
> + if (rsa_ctx->padding.type ==
> RTE_CRYPTO_RSA_PADDING_NONE) {
> rsa->message.length = rsa_ctx->n.length;
> memcpy(rsa->message.data, rptr, rsa-
> >message.length);
> } else {
> @@ -856,7 +859,7 @@ cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop,
> uint8_t *rptr,
> memcpy(rsa->sign.data, rptr, rsa->sign.length);
> break;
> case RTE_CRYPTO_ASYM_OP_VERIFY:
> - if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
> + if (rsa_ctx->padding.type ==
> RTE_CRYPTO_RSA_PADDING_NONE) {
> rsa->sign.length = rsa_ctx->n.length;
> memcpy(rsa->sign.data, rptr, rsa->sign.length);
> } else {
> diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c
> b/drivers/crypto/octeontx/otx_cryptodev_ops.c
> index 947e1be385..d315dc3237 100644
> --- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
> +++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
> @@ -708,7 +708,7 @@ otx_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct
> cpt_request_info *req,
> memcpy(rsa->cipher.data, req->rptr, rsa->cipher.length);
> break;
> case RTE_CRYPTO_ASYM_OP_DECRYPT:
> - if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE)
> + if (rsa_ctx->padding.type ==
> RTE_CRYPTO_RSA_PADDING_NONE)
> rsa->message.length = rsa_ctx->n.length;
> else {
> /* Get length of decrypted output */ @@ -725,7 +725,7
> @@ otx_cpt_asym_rsa_op(struct rte_crypto_op *cop, struct cpt_request_info
> *req,
> memcpy(rsa->sign.data, req->rptr, rsa->sign.length);
> break;
> case RTE_CRYPTO_ASYM_OP_VERIFY:
> - if (rsa->padding.type == RTE_CRYPTO_RSA_PADDING_NONE)
> + if (rsa_ctx->padding.type ==
> RTE_CRYPTO_RSA_PADDING_NONE)
> rsa->sign.length = rsa_ctx->n.length;
> else {
> /* Get length of decrypted output */ diff --git
> a/drivers/crypto/openssl/openssl_pmd_private.h
> b/drivers/crypto/openssl/openssl_pmd_private.h
> index ed6841e460..a6cc3b0749 100644
> --- a/drivers/crypto/openssl/openssl_pmd_private.h
> +++ b/drivers/crypto/openssl/openssl_pmd_private.h
> @@ -173,6 +173,7 @@ struct openssl_asym_session {
> union {
> struct rsa {
> RSA *rsa;
> + uint32_t pad;
> #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
> EVP_PKEY_CTX * ctx;
> #endif
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index f65fbca300..451151e47c 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -2513,7 +2513,7 @@ process_openssl_rsa_op_evp(struct rte_crypto_op
> *cop,
> struct openssl_asym_session *sess)
> {
> struct rte_crypto_asym_op *op = cop->asym;
> - uint32_t pad = (op->rsa.padding.type);
> + uint32_t pad = sess->u.r.pad;
> uint8_t *tmp;
> size_t outlen = 0;
> int ret = -1;
> @@ -2670,7 +2670,7 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
> int ret = 0;
> struct rte_crypto_asym_op *op = cop->asym;
> RSA *rsa = sess->u.r.rsa;
> - uint32_t pad = (op->rsa.padding.type);
> + uint32_t pad = sess->u.r.pad;
> uint8_t *tmp;
>
> cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS; diff --git
> a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> index 29ad1b9505..3ea46caae9 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
> @@ -845,6 +845,7 @@ static int openssl_set_asym_session_parameters(
> if (!n || !e)
> goto err_rsa;
>
> + asym_session->u.r.pad = xform->rsa.padding.type;
> #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
> OSSL_PARAM_BLD * param_bld = OSSL_PARAM_BLD_new();
> if (!param_bld) {
> diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
> index 82e165538d..e1b6e0b2f6 100644
> --- a/drivers/crypto/qat/qat_asym.c
> +++ b/drivers/crypto/qat/qat_asym.c
> @@ -353,7 +353,7 @@ rsa_set_pub_input(struct icp_qat_fw_pke_request
> *qat_req,
> alg_bytesize = qat_function.bytesize;
>
> if (asym_op->rsa.op_type == RTE_CRYPTO_ASYM_OP_ENCRYPT) {
> - switch (asym_op->rsa.padding.type) {
> + switch (xform->rsa.padding.type) {
> case RTE_CRYPTO_RSA_PADDING_NONE:
> SET_PKE_LN(asym_op->rsa.message, alg_bytesize, 0);
> break;
> @@ -365,7 +365,7 @@ rsa_set_pub_input(struct icp_qat_fw_pke_request
> *qat_req,
> }
> HEXDUMP("RSA Message", cookie->input_array[0],
> alg_bytesize);
> } else {
> - switch (asym_op->rsa.padding.type) {
> + switch (xform->rsa.padding.type) {
> case RTE_CRYPTO_RSA_PADDING_NONE:
> SET_PKE_LN(asym_op->rsa.sign, alg_bytesize, 0);
> break;
> @@ -451,7 +451,7 @@ rsa_set_priv_input(struct icp_qat_fw_pke_request
> *qat_req,
>
> if (asym_op->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_DECRYPT) {
> - switch (asym_op->rsa.padding.type) {
> + switch (xform->rsa.padding.type) {
> case RTE_CRYPTO_RSA_PADDING_NONE:
> SET_PKE_LN(asym_op->rsa.cipher, alg_bytesize,
> 0);
> HEXDUMP("RSA ciphertext", cookie->input_array[0],
> @@ -465,7 +465,7 @@ rsa_set_priv_input(struct icp_qat_fw_pke_request
> *qat_req,
>
> } else if (asym_op->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_SIGN) {
> - switch (asym_op->rsa.padding.type) {
> + switch (xform->rsa.padding.type) {
> case RTE_CRYPTO_RSA_PADDING_NONE:
> SET_PKE_LN(asym_op->rsa.message, alg_bytesize, 0);
> HEXDUMP("RSA text to be signed", cookie-
> >input_array[0], @@ -505,7 +505,8 @@ rsa_set_input(struct
> icp_qat_fw_pke_request *qat_req,
>
> static uint8_t
> rsa_collect(struct rte_crypto_asym_op *asym_op,
> - const struct qat_asym_op_cookie *cookie)
> + const struct qat_asym_op_cookie *cookie,
> + const struct rte_crypto_asym_xform *xform)
> {
> uint32_t alg_bytesize = cookie->alg_bytesize;
>
> @@ -521,7 +522,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
> HEXDUMP("RSA Encrypted data", cookie-
> >output_array[0],
> alg_bytesize);
> } else {
> - switch (asym_op->rsa.padding.type) {
> + switch (xform->rsa.padding.type) {
> case RTE_CRYPTO_RSA_PADDING_NONE:
> rte_memcpy(asym_op->rsa.cipher.data,
> cookie->output_array[0],
> @@ -538,7 +539,7 @@ rsa_collect(struct rte_crypto_asym_op *asym_op,
> }
> } else {
> if (asym_op->rsa.op_type ==
> RTE_CRYPTO_ASYM_OP_DECRYPT) {
> - switch (asym_op->rsa.padding.type) {
> + switch (xform->rsa.padding.type) {
> case RTE_CRYPTO_RSA_PADDING_NONE:
> rte_memcpy(asym_op->rsa.message.data,
> cookie->output_array[0],
> @@ -1009,7 +1010,7 @@ qat_asym_collect_response(struct rte_crypto_op
> *op,
> case RTE_CRYPTO_ASYM_XFORM_MODINV:
> return modinv_collect(asym_op, cookie, xform);
> case RTE_CRYPTO_ASYM_XFORM_RSA:
> - return rsa_collect(asym_op, cookie);
> + return rsa_collect(asym_op, cookie, xform);
> case RTE_CRYPTO_ASYM_XFORM_ECDSA:
> return ecdsa_collect(asym_op, cookie);
> case RTE_CRYPTO_ASYM_XFORM_ECPM:
> diff --git a/examples/fips_validation/main.c b/examples/fips_validation/main.c
> index 4237224d9d..c8e8145a69 100644
> --- a/examples/fips_validation/main.c
> +++ b/examples/fips_validation/main.c
> @@ -926,31 +926,7 @@ prepare_rsa_op(void)
> __rte_crypto_op_reset(env.op, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
>
> asym = env.op->asym;
> - asym->rsa.padding.type = info.interim_info.rsa_data.padding;
> - asym->rsa.padding.hash = info.interim_info.rsa_data.auth;
> -
> if (env.digest) {
> - if (asym->rsa.padding.type ==
> RTE_CRYPTO_RSA_PADDING_PKCS1_5) {
> - int b_len = 0;
> - uint8_t b[32];
> -
> - b_len = get_hash_oid(asym->rsa.padding.hash, b);
> - if (b_len < 0) {
> - RTE_LOG(ERR, USER1, "Failed to get digest info
> for hash %d\n",
> - asym->rsa.padding.hash);
> - return -EINVAL;
> - }
> -
> - if (b_len) {
> - msg.len = env.digest_len + b_len;
> - msg.val = rte_zmalloc(NULL, msg.len, 0);
> - rte_memcpy(msg.val, b, b_len);
> - rte_memcpy(msg.val + b_len, env.digest,
> env.digest_len);
> - rte_free(env.digest);
> - env.digest = msg.val;
> - env.digest_len = msg.len;
> - }
> - }
> msg.val = env.digest;
> msg.len = env.digest_len;
> } else {
> @@ -1542,6 +1518,34 @@ prepare_rsa_xform(struct rte_crypto_asym_xform
> *xform)
> xform->rsa.e.length = vec.rsa.e.len;
> xform->rsa.n.data = vec.rsa.n.val;
> xform->rsa.n.length = vec.rsa.n.len;
> +
> + xform->rsa.padding.type = info.interim_info.rsa_data.padding;
> + xform->rsa.padding.hash = info.interim_info.rsa_data.auth;
> + if (env.digest) {
> + if (xform->rsa.padding.type ==
> RTE_CRYPTO_RSA_PADDING_PKCS1_5) {
> + struct fips_val msg;
> + int b_len = 0;
> + uint8_t b[32];
> +
> + b_len = get_hash_oid(xform->rsa.padding.hash, b);
> + if (b_len < 0) {
> + RTE_LOG(ERR, USER1, "Failed to get digest info
> for hash %d\n",
> + xform->rsa.padding.hash);
> + return -EINVAL;
> + }
> +
> + if (b_len) {
> + msg.len = env.digest_len + b_len;
> + msg.val = rte_zmalloc(NULL, msg.len, 0);
> + rte_memcpy(msg.val, b, b_len);
> + rte_memcpy(msg.val + b_len, env.digest,
> env.digest_len);
> + rte_free(env.digest);
> + env.digest = msg.val;
> + env.digest_len = msg.len;
> + }
> + }
> + }
> +
> return 0;
> }
>
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index bdf92d4358..5c80e05da2 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -315,6 +315,9 @@ struct rte_crypto_rsa_xform {
> struct rte_crypto_rsa_priv_key_qt qt;
> /**< qt - Private key in quintuple format */
> };
> +
> + struct rte_crypto_rsa_padding padding;
> + /**< RSA padding information */
> };
>
> /**
> @@ -451,9 +454,6 @@ struct rte_crypto_rsa_op_param {
> * This could be validated and overwritten by the PMD
> * with the signature length.
> */
> -
> - struct rte_crypto_rsa_padding padding;
> - /**< RSA padding information */
> };
>
> /**
> --
> 2.25.1
