From 501ed9c6611f88dbe02ca40ffe0c10a9e2234a10 Mon Sep 17 00:00:00 2001 From: Arek Kusztal Date: Thu, 18 Jul 2019 18:09:38 +0200 Subject: [PATCH] cryptodev: add cipher field to RSA op Asymmetric nature of RSA algorithm suggest to use additional field for output. In place operations still can be done by setting cipher and message pointers with the same memory address. Signed-off-by: Arek Kusztal Acked-by: Shally Verma --- app/test/test_cryptodev_asym.c | 5 +++ drivers/crypto/openssl/rte_openssl_pmd.c | 8 ++--- lib/librte_cryptodev/rte_crypto_asym.h | 43 ++++++++++++++++++++---- 3 files changed, 45 insertions(+), 11 deletions(-) diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c index 4dee164b82..97f3430ab2 100644 --- a/app/test/test_cryptodev_asym.c +++ b/app/test/test_cryptodev_asym.c @@ -92,6 +92,7 @@ queue_ops_rsa_sign_verify(struct rte_cryptodev_asym_session *sess) asym_op->rsa.message.data = rsaplaintext.data; asym_op->rsa.message.length = rsaplaintext.len; + asym_op->rsa.sign.length = 0; asym_op->rsa.sign.data = output_buf; asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT1; @@ -164,6 +165,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess) uint8_t dev_id = ts_params->valid_devs[0]; struct rte_crypto_op *op, *result_op; struct rte_crypto_asym_op *asym_op; + uint8_t cipher_buf[TEST_DATA_SIZE] = {0}; int ret, status = TEST_SUCCESS; /* Set up crypto op data structure */ @@ -180,6 +182,8 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess) asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT; asym_op->rsa.message.data = rsaplaintext.data; + asym_op->rsa.cipher.data = cipher_buf; + asym_op->rsa.cipher.length = 0; asym_op->rsa.message.length = rsaplaintext.len; asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2; @@ -211,6 +215,7 @@ queue_ops_rsa_enc_dec(struct rte_cryptodev_asym_session *sess) /* Use the resulted output as decryption Input vector*/ asym_op = result_op->asym; + asym_op->rsa.message.length = 0; asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT; asym_op->rsa.pad = RTE_CRYPTO_RSA_PKCS1_V1_5_BT2; diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 7c8bf0d9fb..71ae320e56 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1867,19 +1867,19 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, case RTE_CRYPTO_ASYM_OP_ENCRYPT: ret = RSA_public_encrypt(op->rsa.message.length, op->rsa.message.data, - op->rsa.message.data, + op->rsa.cipher.data, rsa, pad); if (ret > 0) - op->rsa.message.length = ret; + op->rsa.cipher.length = ret; OPENSSL_LOG(DEBUG, "length of encrypted text %d\n", ret); break; case RTE_CRYPTO_ASYM_OP_DECRYPT: - ret = RSA_private_decrypt(op->rsa.message.length, - op->rsa.message.data, + ret = RSA_private_decrypt(op->rsa.cipher.length, + op->rsa.cipher.data, op->rsa.message.data, rsa, pad); diff --git a/lib/librte_cryptodev/rte_crypto_asym.h b/lib/librte_cryptodev/rte_crypto_asym.h index 02ec304334..1d4ec8058d 100644 --- a/lib/librte_cryptodev/rte_crypto_asym.h +++ b/lib/librte_cryptodev/rte_crypto_asym.h @@ -395,21 +395,50 @@ struct rte_crypto_rsa_op_param { rte_crypto_param message; /**< - * Pointer to data + * Pointer to input data * - to be encrypted for RSA public encrypt. - * - to be decrypted for RSA private decrypt. * - to be signed for RSA sign generation. * - to be authenticated for RSA sign verification. + * + * Pointer to output data + * - for RSA private decrypt. + * In this case the underlying array should have been + * allocated with enough memory to hold plaintext output + * (i.e. must be at least RSA key size). The message.length + * field should be 0 and will be overwritten by the PMD + * with the decrypted length. + * + * All data is in Octet-string network byte order format. + */ + + rte_crypto_param cipher; + /**< + * Pointer to input data + * - to be decrypted for RSA private decrypt. + * + * Pointer to output data + * - for RSA public encrypt. + * In this case the underlying array should have been allocated + * with enough memory to hold ciphertext output (i.e. must be + * at least RSA key size). The cipher.length field should + * be 0 and will be overwritten by the PMD with the encrypted length. + * + * All data is in Octet-string network byte order format. */ rte_crypto_param sign; /**< - * Pointer to RSA signature data. If operation is RSA - * sign @ref RTE_CRYPTO_ASYM_OP_SIGN, buffer will be - * over-written with generated signature. + * Pointer to input data + * - to be verified for RSA public decrypt. + * + * Pointer to output data + * - for RSA private encrypt. + * In this case the underlying array should have been allocated + * with enough memory to hold signature output (i.e. must be + * at least RSA key size). The sign.length field should + * be 0 and will be overwritten by the PMD with the signature length. * - * Length of the signature data will be equal to the - * RSA modulus length. + * All data is in Octet-string network byte order format. */ enum rte_crypto_rsa_padding_type pad; -- 2.20.1