- Acc - mailweb.openeuler.org

[PATCH] cipher: optimize the process of ctx initialization
by Kai Ye 02 Apr '22

02 Apr '22

Optimize the process of ctx initialization as switching to soft work. If the ctx resources of a thread are insufficient at the beginning, the thread can't apply for resources again. Therefore, an flag checking is required. Signed-off-by: Kai Ye <yekai13(a)huawei.com> --- src/uadk_cipher.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/uadk_cipher.c b/src/uadk_cipher.c index 5ebad64..be75233 100644 --- a/src/uadk_cipher.c +++ b/src/uadk_cipher.c @@ -847,8 +847,8 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) struct sched_params params = {0}; int ret; - priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx); - priv->req.iv = priv->iv; + if (priv->switch_flag == UADK_DO_SOFT) + return; ret = uadk_e_init_cipher(); if (unlikely(!ret)) { @@ -857,6 +857,9 @@ static void uadk_e_ctx_init(EVP_CIPHER_CTX *ctx, struct cipher_priv_ctx *priv) return; } + priv->req.iv_bytes = EVP_CIPHER_CTX_iv_length(ctx); + priv->req.iv = priv->iv; + /* * The internal RR scheduler used by environment variables, * the cipher algorithm does not distinguish between -- 2.33.0

1 0

[PATCH] drv/sec - modification for clean code
by Kai Ye 01 Apr '22

01 Apr '22

1. Delete some debug code. Debug code is not allowed in the release version. 2. Fix a code style issue in sec drv exit. Signed-off-by: Kai Ye <yekai13(a)huawei.com> --- drv/hisi_sec.c | 67 ++++++-------------------------------------------- 1 file changed, 7 insertions(+), 60 deletions(-) diff --git a/drv/hisi_sec.c b/drv/hisi_sec.c index 16fcb5f..96a2e3c 100644 --- a/drv/hisi_sec.c +++ b/drv/hisi_sec.c @@ -486,20 +486,6 @@ static int g_hmac_a_alg[WD_DIGEST_TYPE_MAX] = { int hisi_sec_init(struct wd_ctx_config_internal *config, void *priv); void hisi_sec_exit(void *priv); -#ifdef DEBUG -static void sec_dump_bd(unsigned char *bd, unsigned int len) -{ - unsigned int i; - - for (i = 0; i < len; i++) { - WD_ERR("\\0x%02x", bd[i]); - if ((i + 1) % WORD_BYTES == 0) - WD_ERR("\n"); - } - WD_ERR("\n"); -} -#endif - /* increment counter (128-bit int) by software */ static void ctr_iv_inc(__u8 *counter, __u32 c) { @@ -1290,11 +1276,6 @@ static void parse_digest_bd2(struct hisi_sec_sqe *sqe, recv_msg->data_fmt = hisi_sec_get_data_fmt_v2(sqe->sds_sa_type); recv_msg->in = (__u8 *)(uintptr_t)sqe->type2.data_src_addr; recv_msg->alg_type = WD_DIGEST; - -#ifdef DEBUG - WD_ERR("Dump digest recv sqe-->!\n"); - sec_dump_bd((unsigned char *)sqe, SQE_BYTES_NUMS); -#endif } static int digest_long_bd_check(struct wd_digest_msg *msg) @@ -1389,11 +1370,6 @@ int hisi_sec_digest_send(handle_t ctx, struct wd_digest_msg *msg) qm_fill_digest_long_bd(msg, &sqe); -#ifdef DEBUG - WD_ERR("Dump digest send sqe-->!\n"); - sec_dump_bd((unsigned char *)&sqe, SQE_BYTES_NUMS); -#endif - sqe.type2.tag = msg->tag; ret = hisi_qm_send(h_qp, &sqe, 1, &count); if (ret < 0) { @@ -1545,11 +1521,6 @@ int hisi_sec_digest_send_v3(handle_t ctx, struct wd_digest_msg *msg) qm_fill_digest_long_bd3(msg, &sqe); -#ifdef DEBUG - WD_ERR("Dump digest send sqe-->!\n"); - sec_dump_bd((unsigned char *)&sqe, SQE_BYTES_NUMS); -#endif - sqe.tag = (__u64)(uintptr_t)msg->tag; ret = hisi_qm_send(h_qp, &sqe, 1, &count); @@ -1590,11 +1561,6 @@ static void parse_digest_bd3(struct hisi_sec_sqe3 *sqe, recv_msg->data_fmt = hisi_sec_get_data_fmt_v3(sqe->bd_param); recv_msg->in = (__u8 *)(uintptr_t)sqe->data_src_addr; recv_msg->alg_type = WD_DIGEST; - -#ifdef DEBUG - WD_ERR("Dump digest recv sqe-->!\n"); - sec_dump_bd((unsigned char *)sqe, SQE_BYTES_NUMS); -#endif } int hisi_sec_digest_recv_v3(handle_t ctx, struct wd_digest_msg *recv_msg) @@ -1894,11 +1860,6 @@ int hisi_sec_aead_send(handle_t ctx, struct wd_aead_msg *msg) fill_aead_bd2_addr(msg, &sqe); -#ifdef DEBUG - WD_ERR("Dump aead send sqe-->!\n"); - sec_dump_bd((unsigned char *)&sqe, SQE_BYTES_NUMS); -#endif - sqe.type2.tag = (__u16)msg->tag; ret = hisi_qm_send(h_qp, &sqe, 1, &count); @@ -1948,11 +1909,6 @@ static void parse_aead_bd2(struct hisi_sec_sqe *sqe, SEC_AUTH_LEN_MASK; recv_msg->out_bytes = sqe->type2.clen_ivhlen + sqe->type2.cipher_src_offset; - -#ifdef DEBUG - WD_ERR("Dump aead recv sqe-->!\n"); - sec_dump_bd((unsigned char *)sqe, SQE_BYTES_NUMS); -#endif } int hisi_sec_aead_recv(handle_t ctx, struct wd_aead_msg *recv_msg) @@ -2163,11 +2119,6 @@ int hisi_sec_aead_send_v3(handle_t ctx, struct wd_aead_msg *msg) fill_aead_bd3_addr(msg, &sqe); -#ifdef DEBUG - WD_ERR("Dump aead send sqe-->!\n"); - sec_dump_bd((unsigned char *)&sqe, SQE_BYTES_NUMS); -#endif - sqe.tag = msg->tag; ret = hisi_qm_send(h_qp, &sqe, 1, &count); if (ret < 0) { @@ -2216,11 +2167,6 @@ static void parse_aead_bd3(struct hisi_sec_sqe3 *sqe, SEC_MAC_LEN_MASK; recv_msg->out_bytes = sqe->c_len_ivin + sqe->cipher_src_offset; - -#ifdef DEBUG - WD_ERR("Dump aead recv sqe-->!\n"); - sec_dump_bd((unsigned char *)sqe, SQE_BYTES_NUMS); -#endif } int hisi_sec_aead_recv_v3(handle_t ctx, struct wd_aead_msg *recv_msg) @@ -2305,16 +2251,17 @@ out: void hisi_sec_exit(void *priv) { - if (!priv) { - WD_ERR("hisi sec exit input parameter is err!\n"); - return; - } - struct hisi_sec_ctx *sec_ctx = priv; - struct wd_ctx_config_internal *config = &sec_ctx->config; + struct wd_ctx_config_internal *config; handle_t h_qp; int i; + if (!sec_ctx) { + WD_ERR("hisi sec exit input parameter is err!\n"); + return; + } + + config = &sec_ctx->config; for (i = 0; i < config->ctx_num; i++) { h_qp = (handle_t)wd_ctx_get_priv(config->ctxs[i].ctx); hisi_qm_free_qp(h_qp); -- 2.33.0

1 0

[PATCH] utils: add glibc version checking for uadk_memcpy
by Kai Ye 01 Apr '22

01 Apr '22

No assembly language is required as glibc version >= 2.32. This is because the later glibc version has updated this optimization. Signed-off-by: Kai Ye <yekai13(a)huawei.com> --- src/uadk_utils.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/uadk_utils.c b/src/uadk_utils.c index 2b34b3a..6e91ba2 100644 --- a/src/uadk_utils.c +++ b/src/uadk_utils.c @@ -14,9 +14,20 @@ * limitations under the License. * */ +#include <gnu/libc-version.h> #include "uadk_utils.h" -#define UADK_MEM_IMPROVE_THRESHOLD 1024 +#define GLIBC_MAIN 2U +#define GLIBC_MINOR 32U +#define UADK_MEM_IMPROVE_THRESHOLD 1024U + +#if __ARM_NEON && defined(__GLIBC__) && defined(__GLIBC_MINOR__) +#define LIBC_VERSION_PREREQ(major, minor) \ + ((__GLIBC__ * 10000 + __GLIBC_MINOR__ * 100) < \ + (major * 10000 + minor * 100)) +#else +#define LIBC_VERSION_PREREQ(major, minor) 0 +#endif static void *memcpy_large(void *dstpp, const void *srcpp, size_t len) { @@ -56,7 +67,9 @@ static void *memcpy_large(void *dstpp, const void *srcpp, size_t len) void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len) { - if (len >= UADK_MEM_IMPROVE_THRESHOLD) + /* No assembly language is required as glibc version >= 2.32 */ + if (len >= UADK_MEM_IMPROVE_THRESHOLD && + LIBC_VERSION_PREREQ(GLIBC_MAIN, GLIBC_MINOR)) return memcpy_large(dstpp, srcpp, len); else return memcpy(dstpp, srcpp, len); -- 2.33.0

3 2

[PATCH 1/2] uadk: Add quick start document for UADK
by Zhiqi Song 01 Apr '22

01 Apr '22

A quick start document is added to help users of OpenEuler quickly start using UADK and UADK engine. Signed-off-by: Zhiqi Song <songzhiqi1(a)huawei.com> --- UADK_quick_start.md | 567 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 567 insertions(+) create mode 100644 UADK_quick_start.md diff --git a/UADK_quick_start.md b/UADK_quick_start.md new file mode 100644 index 00000000..64d070b6 --- /dev/null +++ b/UADK_quick_start.md @@ -0,0 +1,567 @@ +# UADK �� +- [UADK ��](#uadk-��) + - [1 ��](#1-��) + - [1.1 UADK](#11-uadk) + - [1.2 UADK engine](#12-uadk-engine) + - [1.3 ��](#13-��) + - [2 ��](#2-��) + - [2.1 ��](#21-��) + - [2.2 ��](#22-��) + - [2.2.1 ��](#221-��) + - [2.2.2 ��](#222-��) + - [2.3 ��](#23-��) + - [3 ��](#3-��) + - [3.1 UADK ��](#31-uadk-��) + - [3.1.1 yum��](#311-yum��) + - [3.1.2 RPM��](#312-rpm��) + - [3.1.3 ��](#313-��) + - [3.2 ��UACCE��](#32-��uacce��) + - [3.3 ��](#33-��) + - [3.4 ��](#34-��) + - [3.5 UADK engine ��](#35-uadk-engine-��) + - [3.5.1 yum��](#351-yum��) + - [3.5.2 RPM��](#352-rpm��) + - [3.5.3 ��](#353-��) + - [4 ��](#4-��) + - [4.1 ��UADK](#41-��uadk) + - [4.1.1 ��](#411-��) + - [4.1.2 ��](#412-��) + - [4.2 ��UADK engine](#42-��uadk-engine) + - [4.2.1 ��](#421-��) + - [4.2.2 ��](#422-��) +---- + +## 1 �� +��UADK �� UADK engine�� +��UADK ��UADK engine�� +### 1.1 UADK +UADK��User Space Accelerator Development Kit��SVA��Shared Virtual Address��UADK��UACCE��Unified/User-space-access-intended Accelerator Framework��SVA��UADK�� + +UADK��UACCE��SVA��IOMMU��SVA��UACCE��,��UADK�� +- AES��SM4��DES��SM3��SHAx��MD5��AEAD��HMAC�� +- RSA��DH�� +- gzip��zlib�� + +��Kunpeng��UACCE��UADK��CPU��CPU�� +### 1.2 UADK engine +UADK engine��UADK��OpenSSL��engine��UADK engine��OpenSSL��OpenSSL�� + +UADK engine��RSA engine��DH engine��ECC engine��Cipher engine��Digest engine��5��UADK��UADK engine��OpenSSL��OpenSSL��engine id��uadk_engine��UADK engine�� +- RSA engine�� +- DH engine�� +- Cipher engine�� +- Digest engine�� + +��Kunpeng��UADK��OpenSSL��OpenSSL��UADK engine��Kunpeng�� + +### 1.3 �� +�� Web�� + +----------- + +## 2 �� +��Kunpeng��UADK��UADK engine�� +### 2.1 �� +��UADK��Kunpeng��9xx��CPU �� +### 2.2 �� +#### 2.2.1 �� +OpenEuler 22.03�� +��IOMMU & SVA�� +#### 2.2.2 �� +OpenSSL 1.1.1a�� +### 2.3 �� +��UADK ��UADK engine �� + +gcc version 10.2.0 (GCC) + +-------- + +## 3 �� +��Kunpeng��UADK��UADK engine�� +��Kunpeng��UADK�� +### 3.1 UADK �� +UADK��yum��RPM�� +#### 3.1.1 yum�� +��OpenEuler 22.03��yum�� +``` +yum install libwd +``` +#### 3.1.2 RPM�� +��OpenEuler��UADK rpm��https://gitee.com/src-openeuler/libwd + +�� +``` +cd /usr/src/ + +git clone https://gitee.com/src-openeuler/libwd.git + +mkdir -p /root/rpmbuild + +cd /root/rpmbuild + +mkdir BUILD BUILDROOT RPMS SOURCES SPECS SRPMS + +cp /usr/src/libwd/libwd*.tar.gz /usr/src/libwd/*patch /root/rpmbuild/SOURCES/ + +cp /usr/src/libwd/warpdrive.spec /root/rpmbuild/SPECS/ + +rpmbuild --bb SPECS/warpdrive.spec + +rpm -ivh /root/rpmbuild/RPMS/aarch64/libwd*.rpm +``` +#### 3.1.3 �� +��Linaro��UADK��https://github.com/Linaro/uadk + +�� +https://github.com/Linaro/uadk/blame/master/INSTALL + +### 3.2 ��UACCE�� +��uacce.ko�� + +��```modprobe uacce``` ��```insmod /lib/modules/$(uname -r)/uacce.ko``` + +### 3.3 �� +��Kunpeng�� + +| �� | �� | +|---|---| +HPRE|uacce.ko, hisi_qm.ko, hisi_hpre.ko| +ZIP|uacce.ko, hisi_qm.ko, hisi_zip.ko| +SEC|uacce.ko, hisi_qm.ko, hisi_sec2.ko| + +�� +hisi_hpre.ko/hisi_zip.ko/hisi_sec2.ko��uacce_mode��uacce_mode=1��SVA��uacce_mode=2��no-SVA�� +��Kunpeng��uacce��uacce.ko��Kunpeng��ZIP��HPRE��SEC��QM��uacce.ko��hisi_qm.ko��ZIP��HPRE��SEC�� + +��insmod��modprobe�� + +modprobe�� +- ��HPRE��SVA�� + ``` + modprobe hisi_hpre uacce_mode=1 + ``` +- ��SEC��SVA�� + ``` + modprobe hisi_sec2 uacce_mode=1 + ``` +- ��ZIP��SVA�� + ``` + modprobe hisi_zip uacce_mode=1 + ``` + +insmod�� +- ��HPRE��SVA�� + ``` + insmod /lib/modules/$(uname -r)/uacce.ko + insmod /lib/modules/$(uname -r)/hisi_qm.ko + insmod /lib/modules/$(uname -r)/hisi_zip.ko uacce_mode=1 + ``` + +- ��SEC��SVA�� + ``` + insmod /lib/modules/$(uname -r)/uacce.ko + insmod /lib/modules/$(uname -r)/hisi_qm.ko + insmod /lib/modules/$(uname -r)/hisi_sec2.ko uacce_mode=1 + ``` + +- ��ZIP��SVA�� + ``` + insmod /lib/modules/$(uname -r)/uacce.ko + insmod /lib/modules/$(uname -r)/hisi_qm.ko + insmod /lib/modules/$(uname -r)/hisi_hpre.ko uacce_mode=1 + ``` +�� + +��```cat /sys/bus/pci/drivers/<driver>/module/parameters/``` �� + +- �� + ``` + insmod <driver> [uacce_mode] [pf_q_num] [vfs_num] [sgl_sge_nr] [ctx_q_num] + ``` + + ``` + modprobe <driver_name> [uacce_mode] [pf_q_num] [vfs_num] [sgl_sge_nr] [ctx_q_num] + ``` + - []�� + - ��uacce_mode��0��uacce_mode=1�� + - SEC��pf_q_num��256��HPRE/ZIP��pf_q_num��64�� + - ��vfs_num��0�� + - ��sgl_sge_nr��10�� + - ��ctx_q_num��2�� + + ��ZIP�� + ``` + insmod /lib/modules/$(uname -r)/hisi_zip.ko uacce_mode=1 pf_q_num =16 vfs_num=1 sgl_sge_nr=16 + ``` + - ��SVA��uacce_mode=1�� + +### 3.4 �� +��Kunpeng�� +``` +modprobe -r hisi_hpre +``` +�� +``` +rmmod hisi_hpre +``` + +### 3.5 UADK engine �� +UADK engine��yum��RPM�� +#### 3.5.1 yum�� +��OpenEuler 22.03��yum�� +``` +yum install uadk_engine +``` +#### 3.5.2 RPM�� +��OpenEuler��uadk_engine rpm��https://gitee.com/src-openeuler/uadk_engine + +�� +``` +cd /usr/src/ + +git clone https://gitee.com/src-openeuler/uadk_engine.git + +mkdir -p /root/rpmbuild + +cd /root/rpmbuild + +mkdir BUILD BUILDROOT RPMS SOURCES SPECS SRPMS + +cp /usr/src/uadk_engine/uadk_engine*.tar.gz /usr/src/uadk_engine/*patch /root/rpmbuild/SOURCES/ + +cp /usr/src/uadk_engine/uadk_engine.spec /root/rpmbuild/SPECS/ + +rpmbuild --bb SPECS/uadk_engine.spec + +rpm -ivh /root/rpmbuild/RPMS/aarch64/uadk_engine*.rpm --prefix=/usr/local/openssl/lib/engines-1.1 + +``` +#### 3.5.3 �� +��Linaro��UADK engine��https://github.com/Linaro/uadk_engine + +�� +https://github.com/Linaro/uadk_engine/blob/master/README + +----------- + +## 4 �� +### 4.1 ��UADK +UADK��UADK��uadk_tool��```uadk_tool benchmark --help```�� +#### 4.1.1 �� +��export��: +``` +export WD_RSA_CTX_NUM="sync:2@0,async:4@0" +export WD_DH_CTX_NUM="sync:2@0,async:4@0" +export WD_CIPHER_CTX_NUM="sync:2@2,async:4@2" +export WD_DIGEST_CTX_NUM="sync:2@2,async:4@2" +``` +��```ctx_mode:ctx_num@node```��node��numa��ctx_num��ctx_mode�� +��```"sync:2@0,async:4@0"```��numa 0��2��sync��4��async�� + +#### 4.1.2 �� +- MD5�� + + ��md5��SVA�� + ``` + uadk_tool benchmark --alg md5 --mode sva --opt 0 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 + ``` + +- SM3�� + + ��sm3��SVA�� + ``` + uadk_tool benchmark --alg sm3 --mode sva --opt 0 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 + ``` +- SHA�� + + ��sha-512��SVA�� + ``` + uadk_tool benchmark --alg sha-512 --mode sva --opt 0 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 + ``` +- AES�� + + ��aes-128-cbc��SVA�� + ``` + uadk_tool benchmark --alg aes-128-cbc --mode sva --opt 0 --sync --pktlen 1024 --seconds 5 --multi 1 --thread 2 --ctxnum 6 + ``` + ��aes-128-cbc��SVA�� + ``` + uadk_tool benchmark --alg aes-128-cbc --mode sva --opt 1 --sync --pktlen 1024 --seconds 5 --multi 1 --thread 2 --ctxnum 6 + ``` + +- SM4�� + + ��sm4-128-ecb��SVA�� + ``` + uadk_tool benchmark --alg sm4-128-ecb --mode sva --opt 0 --sync --pktlen 1024 --seconds 5 --multi 1 --thread 2 --ctxnum 6 + ``` + + ��sm4-128-ecb��SVA�� + ``` + uadk_tool benchmark --alg sm4-128-ecb --mode sva --opt 1 --sync --pktlen 1024 --seconds 5 --multi 1 --thread 2 --ctxnum 6 + ``` + +- DES�� + + ��3des-128-ecb��SVA�� + ``` + uadk_tool benchmark --alg 3des-128-ecb --mode sva --opt 0 --sync --pktlen 1024 --seconds 5 --multi 1 --thread 2 --ctxnum 6 + ``` + + ��3des-128-ecb��SVA�� + ``` + uadk_tool benchmark --alg 3des-128-ecb --mode sva --opt 1 --sync --pktlen 1024 --seconds 5 --multi 1 --thread 2 --ctxnum 6 + ``` +��```uadk_tool benchmark --help```�� + +### 4.2 ��UADK engine +��openssl��uadk engine��openssl�� +#### 4.2.1 �� +UADK engine�� +1. ��openssl.cnf��/usr/local/ssl/�� + ``` + openssl_cnf = openssl_def + [openssl_def] + engines = engine_section + [engine_section] + uadk_engine = uadk_section + [uadk_section] + UADK_CMD_ENABLE_RSA_ENV = 1 + UADK_CMD_ENABLE_DH_ENV = 1 + UADK_CMD_ENABLE_CIPHER_ENV = 1 + UADK_CMD_ENABLE_DIGEST_ENV = 1 + ``` + +2. ��export�� + ``` + export WD_RSA_CTX_NUM="sync:2@0,async:4@0" + export WD_DH_CTX_NUM="sync:2@0,async:4@0" + export WD_CIPHER_CTX_NUM="sync:2@2,async:4@2" + export WD_DIGEST_CTX_NUM="sync:2@2,async:4@2" + ``` + ��```ctx_mode:ctx_num@node```��node��numa��ctx_num��ctx_mode�� +��```"sync:2@0,async:4@0"```��numa 0��2��sync��4��async�� + +#### 4.2.2 �� +- RSA�� + + �� + ``` + openssl genrsa -out prikey.pem -engine uadk_engine 1024 + ``` + �� + ``` + openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine + ``` + ��plain.txt: + ``` + echo "Content to be encrypted" > plain.txt + ``` + �� + ``` + openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine + ``` + �� + ``` + openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine + ``` + ��msg.txt: + ``` + echo "Content to be signed" > msg.txt + ``` + �� + ``` + openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine + ``` + �� + ``` + openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine + ``` + ��openssl speed�� + ``` + openssl speed -elapsed -engine uadk_engine rsa1024 + openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa1024 + openssl speed -elapsed -engine uadk_engine -async_jobs 36 rsa1024 + ``` +- DH�� + + �� + ``` + openssl dhparam -out dhparam.pem 768 + ``` + ��Alice��: + ``` + openssl genpkey -paramfile dhparam.pem -out alice_prikey.pem -engine uadk_engine + ``` + ��Alice�� + ``` + openssl pkey -in alice_prikey.pem -pubout -out alice_pubkey.pem + ``` + ��Bob�� + ``` + openssl genpkey -paramfile dhparam.pem -out bob_prikey.pem -engine uadk_engine + ``` + ��Bob�� + ``` + openssl pkey -in bob_prikey.pem -pubout -out bob_pubkey.pem + ``` + �� + ``` + openssl pkeyutl -derive -inkey alice_prikey.pem -peerkey bob_pubkey.pem -out secret1.bin -engine uadk_engine + openssl pkeyutl -derive -inkey bob_prikey.pem -peerkey alice_pubkey.pem -out secret2.bin -engine uadk_engine + ``` + �� + ``` + cmp secret1.bin secret2.bin + xxd secret1.bin + xxd secret2.bin + ``` +- MD5�� + + ��data.txt�� + ``` + echo "Content to be hashed" > data.txt + ``` + �� + ``` + openssl md5 -engine uadk_engine data.txt + ``` + openssl speed�� + ``` + openssl speed -engine uadk_engine -async_jobs 1 -evp md5 + ``` +- SM3�� + + ��data.txt�� + ``` + echo "Content to be hashed" > data.txt + ``` + �� + ``` + openssl sm3 -engine uadk_engine data.txt + ``` +- SHA�� + + ��data.txt�� + ``` + echo "Content to be hashed" > data.txt + ``` + �� + ``` + openssl sha1 -engine uadk_engine data.txt + openssl sha256 -engine uadk_engine data.txt + openssl sha512 -engine uadk_engine data.txt + ``` +- AES�� + + ��data.txt�� + ``` + echo "Content to be encrypted" > data + ``` + aes-128-cbc�� + ``` + openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` + aes-128-cbc�� + ``` + openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` + aes-192-cbc�� + ``` + openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` + aes-192-cbc�� + ``` + openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` + aes-256-cbc�� + ``` + openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` + aes-256-cbc�� + ``` + openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` + aes-128-ecb�� + ``` + openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -engine uadk_engine -p + ``` + aes-128-ecb�� + ``` + openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -engine uadk_engine -p + ``` + aes-192-ecb�� + ``` + openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -engine uadk_engine -p + ``` + aes-192-ecb�� + ``` + openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -engine uadk_engine -p + ``` + aes-256-ecb�� + ``` + openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -engine uadk_engine -p + ``` + aes-256-ecb�� + ``` + openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -engine uadk_engine -p + ``` + aes-128-ctr�� + ``` + openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -engine uadk_engine -p + ``` + aes-128-ctr�� + ``` + openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -engine uadk_engine -p + ``` + aes-192-ctr�� + ``` + openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -engine uadk_engine -p + ``` + aes-192-ctr�� + ``` + openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -engine uadk_engine -p + ``` + aes-256-ctr�� + ``` + openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -engine uadk_engine -p + ``` + aes-256-ctr�� + ``` + openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -engine uadk_engine -p + ``` +- SM4�� + + sm4-cbc�� + ``` + openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` + sm4-cbc�� + ``` + openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` + sm4-ecb�� + ``` + openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` + sm4-ecb�� + ``` + openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` +- DES�� + + des-ede3-cbc�� + ``` + openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` + des-ede3-cbc�� + ``` + openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` + des-ede3-ecb�� + ``` + openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p + ``` + des-ede3-ecb�� + ``` + openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p -- 2.33.0

1 0

[PATCH] uadk: Add quick start document
by Zhiqi Song 30 Mar '22

30 Mar '22

A quick start document is added to help users quickly start using UADK and UADK engine. Signed-off-by: Zhiqi Song <songzhiqi1(a)huawei.com> --- UADK_quick_start.md | 802 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 802 insertions(+) create mode 100644 UADK_quick_start.md diff --git a/UADK_quick_start.md b/UADK_quick_start.md new file mode 100644 index 00000000..db2c0aca --- /dev/null +++ b/UADK_quick_start.md @@ -0,0 +1,802 @@ +# UADK �� +- [UADK ��](#uadk-��) + - [1 ��](#1-��) + - [2 ��](#2��) + - [2.1 ��](#21��) + - [2.2 ��](#22��) + - [2.2.1 ��](#221��) + - [2.2.2 ��](#222��) + - [2.3 ��](#23��) + - [3 ��](#3��) + - [3.1 ��UACCE��](#31��uacce��) + - [3.2 ��](#32��) + - [3.3 ��](#33��) + - [3.4 ��](#34��) + - [3.5 ��UACCE��](#35��uacce��) + - [3.6 ��](#36��) + - [3.7 UADK ��](#37uadk-��) + - [3.7.1 yum��](#371-yum��) + - [3.7.2 RPM��](#372-rpm��) + - [3.7.3 ��](#373-��) + - [3.8 UADK engine ��](#38uadk-engine-��) + - [3.8.1 yum��](#381-yum��) + - [3.8.2 RPM��](#382-rpm��) + - [3.8.3 ��](#383-��) + - [4 ��](#4��) + - [4.1 UADK](#41uadk) + - [4.1.1 ��](#411��) + - [4.1.2 ��RSA��](#412��rsa��) + - [4.1.3 ��DH��](#413��dh��) + - [4.1.4 ��ECDH��](#414��ecdh��) + - [4.1.5 ��ECXDH��](#415��ecxdh��) + - [4.1.6 ��ECDSA��](#416��ecdsa��) + - [4.1.7 ��SM2��](#417��sm2��) + - [4.1.8 ��MD5��](#418��md5��) + - [4.1.9 ��SM3��](#419��sm3��) + - [4.1.10 ��SHA��](#4110��sha��) + - [4.1.11 ��AES��](#4111��aes��) + - [4.1.12 ��SM4��](#4112��sm4��) + - [4.2 ��UADK engine](#42��uadk-engine) + - [4.2.1 ��](#421��) + - [4.2.2 ��RSA��](#422��rsa��) + - [4.2.3 ��DH��](#423��dh��) + - [4.2.4 ��ECDH��](#424��ecdh��) + - [4.2.5 ��ECXDH��](#425��ecxdh��) + - [4.2.6 ��ECDSA��](#426��ecdsa��) + - [4.2.7 ��SM2��](#427��sm2��) + - [4.2.8 ��MD5��](#428��md5��) + - [4.2.9 ��SM3��](#429��sm3��) + - [4.2.10 ��SHA��](#4210��sha��) + - [4.2.11 ��AES��](#4211��aes��) + - [4.2.12 ��SM4��](#4212��sm4��) + - [4.2.13 ��DES��](#4213��des��) +---- + +## 1 �� +��UADK �� UADK engine�� +��UADK ��UADK engine�� +### 1.1 **UADK** +UADK��User Space Accelerator Development Kit��SVA��Shared Virtual Address��**��**��UADK��UACCE��Unified/User-space-access-intended Accelerator Framework��**��SVA��UADK��**�� +��Kunpeng��UACCE��UADK��CPU��CPU�� +### 1.2 **UADK engine** +UADK engine��UADK��OpenSSL��engine��UADK engine��OpenSSL�� +��Kunpeng��UADK��OpenSSL��UADK engine��Kunpeng�� +### 1.3 UADK��&�� +UADK��UACCE��vendor driver��SVA��IOMMU��SVA�� +��UACCE��UADK�� +UADK�� +��Kunpeng��Kunpeng��UADK��UADK��Kunpeng��: +- AES��SM4��SM3��SHAx��AEAD��HMAC�� +- RSA��DH��ECDH��X25519��X448��SM2�� +- gzip��zlib��deflate��lz77_zstd�� +### 1.4 UADK engine��&�� +UADK engine��OpenSSL��RSA engine��DH engine��ECC engine��Cipher engine��Digest engine��5��UADK��UADK engine��OpenSSL ��engine id��uadk_engine�� +��Kunpeng��Kunpeng��UADK��OpenSSL�� +- RSA engine�� +- DH engine �� +- ECC engine �� +- Cipher engine�� +- Digest engine �� +### 1.5 UADK ��UADK engine�� +- �� +- �� +- �� +- Web�� + +----------- + +## 2 �� +��Kunpeng��UADK��UADK engine�� +### 2.1 �� +��UADK��Kunpeng��9xx��CPU �� +### 2.2 �� +#### 2.2.1 �� +OpenEuler�� +Ubuntu�� +CentOS�� +��IOMMU &SVA�� +#### 2.2.2 �� +OpenSSL 1.1.1a��OpenSSL1.1.1l�� +### 2.3 �� +��UADK ��UADK engine �� +gcc version 10.2.0 (GCC) + +-------- + +## 3 �� +��Kunpeng��UADK��UADK engine�� +��Kunpeng��UADK�� +### 3.1 ��UACCE�� +��UACCE��UACCE�� +�� ++ ��Linux�� +Linux��UACCE��Linux�� https://www.kernel.org/ +��UACCE�� + + UACCE�� + <linux /drivers/misc/uacce/> + ++ ��OpenEuler�� +OpenEuler��https://gitee.com/openeuler/kernel + + UACCE�� + <linux /drivers/misc/uacce/> + +### 3.2 �� +��Kunpeng�� +�� ++ ��Linux�� +��Kunpeng��HPRE��SEC��ZIP��Linux��Linux�� https://www.kernel.org/ +��Kunpeng�� + + ��Kunpeng�� + <linux/drivers/crypto/hisilicon/> + ++ ��OpenEuler�� +OpenEuler��https://gitee.com/openeuler/kernel + + ��Kunpeng�� +�� <linux/drivers/crypto/hisilicon/> +### 3.3 �� +��Kunpeng��Kunpeng��config�� + +�� +``` +CONFIG_CRYPTO_DEV_HISI_QM=m +CONFIG_CRYPTO_DEV_HISI_ZIP=m +CONFIG_CRYPTO_DEV_HISI_HPRE=m +CONFIG_CRYPTO_DEV_HISI_SEC2=m +CONFIG_CRYPTO_DEV_HISI_TRNG=m +CONFIG_CRYPTO_DEV_HISI_MIGRATION=m +``` +�� +``` +CONFIG_UACCE=m +``` +��ZIP��HPRE��SEC��TRNG�� + +��SVA�� +``` +CONFIG_IOMMU_SVA_LIB=y +CONFIG_ARM_SMMU_V3_SVA=y +CONFIG_IOMMU_PAGE_FAULT=y +CONFIG_IOMMU_SUPPORT=y +CONFIG_PCI_PASID=y +CONFIG_IOMMU_SVA=y +``` + +�� +``` +CONFIG_VFIO=m +CONFIG_VFIO_PCI=m +``` +### 3.4 �� + +| �� | �� | +|:---|:---| +X86|make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu-| +ARM|make ARCH=arm64| + +��kernel�� +### 3.5 ��UACCE�� +��uacce.ko�� +### 3.6 �� +��Kunpeng�� + +| �� | �� | +|---|---| +HPRE|uacce.ko, hisi_qm.ko, hisi_hpre.ko| +ZIP|uacce.ko, hisi_qm.ko, hisi_zip.ko| +SEC|uacce.ko, hisi_qm.ko, hisi_sec2.ko| + +�� +hisi_hpre.ko/hisi_zip.ko/hisi_sec2.ko��uacce_mode��uacce_mode=1��SVA��uacce_mode=2��no-SVA�� +ZIP��HPRE��SEC��QM��hisi_qm.ko��Kunpeng��uacce��uacce.ko�� +��insmod��modprobe�� +- ��HPRE��SVA�� +``` +modprobe uacce +modprobe hisi_qm +modprobe hisi_hpre uacce_mode=1 +``` +- ��ZIP��SVA�� +``` +modprobe uacce +modprobe hisi_qm +modprobe hisi_zip uacce_mode=1 +``` +- ��SEC��SVA�� +``` +modprobe uacce +modprobe hisi_qm +modprobe hisi_sec2 uacce_mode=1 +``` + +- �� + +��```cat /sys/bus/pci/drivers/<driver>/module/parameters/``` �� + +�� +``` +insmod <driver> [uacce_mode] [pf_q_num] [vfs_num] [sgl_sge_nr] [ctx_q_num] +``` +[]�� ++ ��uacce_mode��0��uacce_mode=1�� ++ SEC��pf_q_num��256��HPRE/ZIP��pf_q_num��64�� ++ ��vfs_num��0�� ++ ��sgl_sge_nr��10�� ++ ��ctx_q_num��2�� +��ZIP�� +``` +insmod hisi_zip.ko uacce_mode=1 pf_q_num =16 vfs_num=1 sgl_sge_nr=16 +``` +��SVA��uacce_mode=1�� + +�� + + +### 3.7 UADK �� +UADK��yum��RPM�� + +#### 3.7.1 yum�� +��OpenEuler 22.03��yum�� +yum install libwd + +#### 3.7.2 RPM�� +��OpenEuler��UADK rpm��https://gitee.com/src-openeuler/libwd + +�� +``` +cd /usr/src/ + +git clone https://gitee.com/src-openeuler/libwd.git + +mkdir -p /usr/src/rpmbuild + +cd /usr/src/ rpmbuild + +mkdir SOURCES SPECS BUILD RPMS SRPMS + +cp /usr/src/libwd/libwd-xxx.tar.gz /usr/src/libwd/*patch /usr/src/rpmbuild/SOURCES/ + +cp /usr/src/libwd/warpdrive.spec /usr/src/rpmbuild/SPECS/ + +rpmbuild ��bb SPECS/warpdrive.spec +``` + +#### 3.7.3 �� +��Linaro��UADK��https://github.com/Linaro/uadk +�� +https://github.com/Linaro/uadk/blame/master/INSTALL + +### 3.8 UADK engine �� +UADK engine��yum��RPM�� +#### 3.8.1 yum�� +��OpenEuler 22.03��yum�� +``` +yum install uadk_engine +``` +#### 3.8.2 RPM�� +��OpenEuler��uadk_engine rpm��https://gitee.com/src-openeuler/uadk_engine + +�� +``` +cd /usr/src/ + +git clone https://gitee.com/src-openeuler/uadk_engine.git + +mkdir -p /usr/src/rpmbuild + +cd /usr/src/ rpmbuild + +mkdir SOURCES SPECS BUILD RPMS SRPMS + +cp /usr/src/uadk_engine/uadk_engine-xxx.tar.gz /usr/src/uadk_engine/*patch /usr/src/rpmbuild/SOURCES/ + +cp /usr/src/uadk_engine/ uadk_engine.spec /usr/src/rpmbuild/SPECS/ + +rpmbuild ��bb SPECS/uadk_engine.spec +``` +#### 3.8.3 �� +��Linaro��UADK engine��https://gitee.com/src-openeuler/uadk_engine + +�� +https://github.com/Linaro/uadk_engine/blob/master/README + +----------- + +## 4 �� +### 4.1 UADK +uadk/uadk_tool/��UADK��UADK��uadk_benchmark��```uadk_benchmark --help```��```uadk_benchmark --alglist```�� +#### 4.1.1 �� +��export��: +``` +export WD_RSA_CTX_NUM="sync:2@0,async:4@0" +export WD_DH_CTX_NUM="sync:2@0,async:4@0" +export WD_CIPHER_CTX_NUM="sync:2@2,async:4@2" +export WD_DIGEST_CTX_NUM="sync:2@2,async:4@2" +export WD_ECC_CTX_NUM="sync:2@0,async:4@0" +``` +�� + +#### 4.1.2 ��RSA�� +��rsa-1024��SVA�� +``` +uadk_benchmark --alg rsa-1024 --mode sva --optype 0 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` +��rsa-1024��SVA�� +``` +uadk_benchmark --alg rsa-1024 --mode sva --optype 1 --async --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��uadk_benchmark --help�� +#### 4.1.3 ��DH�� +��dh-1024��SVA�� +``` +uadk_benchmark --alg dh-1024 --mode sva --optype 0 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��dh-1024��SVA�� +``` +uadk_benchmark --alg dh-1024 --mode sva --optype 1 --async --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��uadk_benchmark --help�� + +#### 4.1.4 ��ECDH�� +��ecdh-1024��SVA�� +``` +uadk_benchmark --alg ecdh-1024 --mode sva --optype 0 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��ecdh-1024��SVA�� +``` +uadk_benchmark --alg ecdh-1024 --mode sva --optype 1 --async --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��uadk_benchmark --help�� + +#### 4.1.5 ��ECXDH�� +��x25519��SVA�� +``` +uadk_benchmark --alg x25519 --mode sva --optype 0 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��x25519��SVA�� +``` +uadk_benchmark --alg x25519 --mode sva --optype 1 --async --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��x448��SVA�� +``` +uadk_benchmark --alg x25519 --mode sva --optype 0 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��x448��SVA�� +``` +uadk_benchmark --alg x25519 --mode sva --optype 1 --async --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��uadk_benchmark --help�� + +#### 4.1.6 ��ECDSA�� +��ecdsa-256��SVA�� +``` +uadk_benchmark --alg ecdsa-256 --mode sva --optype 4 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��ecdsa-256��SVA�� +``` +uadk_benchmark --alg ecdsa-256 --mode sva --optype 5 --async --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��uadk_benchmark --help�� + +#### 4.1.7 ��SM2�� +��sm2��SVA�� +``` +uadk_benchmark --alg sm2 --mode sva --optype 4 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��sm2��SVA�� +``` +uadk_benchmark --alg sm2 --mode sva --optype 5 --async --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��uadk_benchmark --help�� + +#### 4.1.8 ��MD5�� +��md5��SVA�� +``` +uadk_benchmark --alg md5 --mode sva --optype 0 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��md5��SVA�� +``` +uadk_benchmark --alg md5 --mode sva --optype 0 --async --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��uadk_benchmark --help�� + +#### 4.1.9 ��SM3�� +��sm3��SVA�� +``` +uadk_benchmark --alg sm3 --mode sva --optype 0 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��sm3��SVA�� +``` +uadk_benchmark --alg sm3 --mode sva --optype 0 --async --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��uadk_benchmark --help�� + +#### 4.1.10 ��SHA�� +��sha-512��SVA�� +``` +uadk_benchmark --alg sha-512 --mode sva --optype 0 --sync --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` +��sha-512��SVA�� +``` +uadk_benchmark --alg sha-512 --mode sva --optype 0 --async --seconds 5 --thread 2 --multi 1 --ctxnum 6 +``` + +��uadk_benchmark --help�� + +#### 4.1.11 ��AES�� +��aes-128-cbc��SVA�� +``` +uadk_benchmark --alg aes-128-cbc --mode sva --optype 0 --sync --pktlen 1024 --seconds 5 --multi 1 --thread 2 --ctxnum 6 +``` + +��aes-128-cbc��SVA�� +``` +uadk_benchmark --alg aes-128-cbc --mode sva --optype 1 --async --pktlen 1024 --seconds 5 --multi 1 --thread 2 --ctxnum 6 +``` +��uadk_benchmark --help�� + +#### 4.1.12 ��SM4�� +��sm4��SVA�� +``` +uadk_benchmark --alg sm4 --mode sva --optype 0 --sync --pktlen 1024 --seconds 5 --multi 1 --thread 2 --ctxnum 6 +``` + +��sm4��SVA�� +``` +uadk_benchmark --alg sm4 --mode sva --optype 1 --async --pktlen 1024 --seconds 5 --multi 1 --thread 2 --ctxnum 6 +``` +��uadk_benchmark --help�� + +### 4.2 ��UADK engine +��openssl��uadk engine��openssl�� +#### 4.2.1 �� +UADK engine�� +1. ��openssl.cnf��/usr/local/ssl/�� +``` +openssl_cnf = openssl_def +[openssl_def] +engines = engine_section +[engine_section] +uadk_engine = uadk_section +[uadk_section] +UADK_CMD_ENABLE_RSA_ENV = 1 +UADK_CMD_ENABLE_DH_ENV = 1 +UADK_CMD_ENABLE_CIPHER_ENV = 1 +UADK_CMD_ENABLE_DIGEST_ENV = 1 +UADK_CMD_ENABLE_ECC_ENV = 1 +``` + +2. ��export�� +``` +export WD_RSA_CTX_NUM="sync:2@0,async:4@0" +export WD_DH_CTX_NUM="sync:2@0,async:4@0" +export WD_CIPHER_CTX_NUM="sync:2@2,async:4@2" +export WD_DIGEST_CTX_NUM="sync:2@2,async:4@2" +export WD_ECC_CTX_NUM="sync:2@0,async:4@0" +``` + +�� + +#### 4.2.2 ��RSA�� +�� +``` +openssl genrsa -out prikey.pem -engine uadk_engine 1024 +``` +�� +``` +openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine +``` +�� +``` +openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine +``` +�� +``` +openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine +``` +�� +``` +openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine +``` +�� +``` +openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine +``` +��openssl speed�� +``` +openssl speed -elapsed -engine uadk_engine rsa1024 +openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa1024 +openssl speed -elapsed -engine uadk_engine -async_jobs 36 rsa1024 +``` +#### 4.2.3 ��DH�� +�� +``` +openssl dhparam -out dhparam.pem 768 +``` +��Alice��: +``` +openssl genpkey -paramfile dhparam.pem -out alice_prikey.pem -engine uadk_engine +``` +��Alice�� +``` +openssl pkey -in alice_prikey.pem -pubout -out alice_pubkey.pem +``` +��Bob�� +``` +openssl genpkey -paramfile dhparam.pem -out bob_prikey.pem -engine uadk_engine +``` +��Bob�� +``` +openssl pkey -in bob_prikey.pem -pubout -out bob_pubkey.pem +``` +�� +``` +openssl pkeyutl -derive -inkey alice_prikey.pem -peerkey bob_pubkey.pem -out secret1.bin -engine uadk_engine +openssl pkeyutl -derive -inkey bob_prikey.pem -peerkey alice_pubkey.pem -out secret2.bin -engine uadk_engine +``` +�� +``` +cmp secret1.bin secret2.bin +xxd secret1.bin +xxd secret2.bin +``` +#### 4.2.4 ��ECDH�� +��Alice�� +``` +openssl ecparam -name secp128r1 -genkey -noout -out alice_prikey_secp128r1.pem -engine uadk_engine +``` +�� +``` +openssl pkey -in alice_prikey_secp128r1.pem -text +``` +��Alice�� +``` +openssl pkey -pubout -in alice_prikey_secp128r1.pem -out alice_secp128r1.pub +``` +��Bob�� +``` +openssl ecparam -name secp128r1 -genkey -noout -out bob_prikey_secp128r1.pem -engine uadk_engine +``` +��Bob�� +``` +openssl pkey -pubout -in bob_prikey_secp128r1.pem -out bob_secp128r1.pub +``` +Alice�� +``` +openssl pkeyutl -derive -out alicebob_secp128r1.key -inkey alice_prikey_secp128r1.pem -peerkey bob_secp128r1.pub -engine uadk_engine +``` +Bob�� +``` +openssl pkeyutl -derive -out bobalice_secp128r1.key -inkey bob_prikey_secp128r1.pem -peerkey alice_secp128r1.pub -engine uadk_engine +``` +��Alice��Bob�� +``` +cmp alicebob_secp128r1.key bobalice_secp128r1.key +xxd alicebob_secp128r1.key +xxd bobalice_secp128r1.key +``` +#### 4.2.5 ��ECXDH�� +��Alice�� +``` +openssl genpkey -algorithm X25519 -out alice_x25519_prikey.pem -engine uadk_engine +``` +�� +``` +openssl pkey -in alice_x25519prikey.pem -text +``` +��Alice�� +``` +openssl pkey -pubout -in alice_x25519_prikey.pem -out alice_ x25519.pub +``` +��Bob�� +``` +openssl genpkey -algorithm X25519 -out bob_x25519_prikey.pem -engine uadk_engine +``` +��Bob�� +``` +openssl pkey -pubout -in bob_x25519_prikey.pem -out bob_x25519.pub +``` +Alice�� +``` +openssl pkeyutl -derive -out alicebob_x25519.key -inkey alice_x25519_prikey.pem -peerkey bob_x25519.pub -engine uadk_engine +``` +Bob�� +``` +openssl pkeyutl -derive -out bobalice_x25519.key -inkey bob_x25519_prikey.pem -peerkey alice_ x25519.pub -engine uadk_engine +``` +��Alice��Bob�� +``` +cmp alicebob_x25519.key bobalice_x25519.key +xxd alicebob_x25519.key +xxd bobalice_x25519.key +``` +��X448��genpkey��algorithm��X448��-algorithm X448 +#### 4.2.6 ��ECDSA�� +�� +``` +openssl ecparam -genkey -name secp384r1 -noout -out private.pem -engine uadk_engine +``` +�� +``` +openssl ec -in private.pem -pubout -out public.pem +``` +��msg.txt�� +��SHA256�� +``` +openssl dgst -sha256 -sign private.pem -out ecdsa_384r1.sig -engine uadk_engine msg.txt +``` +��SHA256�� +``` +openssl dgst -sha256 -verify public.pem -signature ecdsa_384r1.sig -engine uadk_engine msg.txt +``` +openssl speed�� +``` +openssl speed -elapsed -engine uadk_engine ecdsap256 +openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256 +``` +#### 4.2.7 ��SM2�� +�� +``` +openssl ecparam -name SM2 -genkey -out sm2_prikey.pem -engine uadk_engine +``` +�� +``` +openssl ec -in sm2_prikey.pem -pubout -out sm2_pubkey.pem +``` +��msg.txt�� +��SHA256�� +``` +openssl dgst -sha256 -sign sm2_prikey.pem -out sm2.sig -engine uadk_engine msg.txt +``` +��SHA256�� +``` +openssl dgst -sha256 -verify sm2_pubkey.pem -signature sm2.sig -engine uadk_engine msg.txt +``` +#### 4.2.8 ��MD5�� +��data.txt�� +``` +openssl md5 -engine uadk_engine data.txt +``` +openssl speed�� +``` +openssl speed -engine uadk_engine -async_jobs 1 -evp md5 +``` +#### 4.2.9 ��SM3�� +��data.txt�� +``` +openssl sm3 -engine uadk_engine data.txt +``` +#### 4.2.10 ��SHA�� +��data.txt�� +``` +openssl sha1 -engine uadk_engine data.txt +openssl sha256 -engine uadk_engine data.txt +openssl sha512 -engine uadk_engine data.txt +``` +#### 4.2.11 ��AES�� +aes-128-cbc�� +``` +openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-128-cbc�� +``` +openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-192-cbc�� +``` +openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-192-cbc�� +``` +openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-256-cbc�� +``` +openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-256-cbc�� +``` +openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-128-ecb�� +``` +openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-128-ecb�� +``` +openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-192-ecb�� +``` +openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-192-ecb�� +``` +openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-256-ecb�� +``` +openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-256-ecb�� +``` +openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-128-ctr�� +``` +openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-128-ctr�� +``` +openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-192-ctr�� +``` +openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-192-ctr�� +``` +openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-256-ctr�� +``` +openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +aes-256-ctr�� +``` +openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +#### 4.2.12 ��SM4�� +sm4-cbc�� +``` +openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +sm4-cbc�� +``` +openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +sm4-ecb�� +``` +openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +sm4-ecb�� +``` +openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +#### 4.2.13 ��DES�� +des-ede3-cbc�� +``` +openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +des-ede3-cbc�� +``` +openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +des-ede3-ecb�� +``` +openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` +des-ede3-ecb�� +``` +openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p +``` -- 2.33.0

2 1

[PATCH] utils: add glibc version checking for uadk_memcpy
by Kai Ye 25 Mar '22

25 Mar '22

No assembly language is required as glibc version >= 2.32. This is because the later glibc version has updated this optimization. Signed-off-by: Kai Ye <yekai13(a)huawei.com> --- src/uadk_utils.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/uadk_utils.c b/src/uadk_utils.c index 2b34b3a..ec12e67 100644 --- a/src/uadk_utils.c +++ b/src/uadk_utils.c @@ -14,9 +14,12 @@ * limitations under the License. * */ +#include <gnu/libc-version.h> #include "uadk_utils.h" -#define UADK_MEM_IMPROVE_THRESHOLD 1024 +#define GLIBC_MAIN 2U +#define GLIBC_MINOR 32U +#define UADK_MEM_IMPROVE_THRESHOLD 1024U static void *memcpy_large(void *dstpp, const void *srcpp, size_t len) { @@ -56,7 +59,9 @@ static void *memcpy_large(void *dstpp, const void *srcpp, size_t len) void *uadk_memcpy(void *dstpp, const void *srcpp, size_t len) { - if (len >= UADK_MEM_IMPROVE_THRESHOLD) + /* No assembly language is required as glibc version >= 2.32 */ + if (((__GLIBC__ == GLIBC_MAIN && __GLIBC_MINOR__ < GLIBC_MINOR) || + __GLIBC__ < GLIBC_MAIN) && len >= UADK_MEM_IMPROVE_THRESHOLD) return memcpy_large(dstpp, srcpp, len); else return memcpy(dstpp, srcpp, len); -- 2.33.0

1 0

openEuler Acclib SIG组例会会议通知
by fanghao (A) 23 Mar '22

23 Mar '22

Hello everyone, openEuler Acclib SIG组的交流例会举行时间：北京时间，每周三上午，11点~12点会议链接：https://linaro-org.zoom.us/j/91879279131 欢迎感兴趣接入参与。可通过邮件申报议题。邮件列表：acc(a)openeuler.xn--org,openeuler-sd3u001d022a450ktlybqi2b. Thanks. Hao Fang

1 0

[PATCH] sec: unify the print format
by Kai Ye 22 Mar '22

22 Mar '22

Use the following rules to unify the print format: 1. failed to do sth. 2. invalid: sth is NULL. Signed-off-by: Kai Ye <yekai13(a)huawei.com> --- drv/hisi_sec.c | 20 ++++++++++---------- wd_aead.c | 12 ++++++------ wd_cipher.c | 20 ++++++++++---------- wd_digest.c | 10 +++++----- 4 files changed, 31 insertions(+), 31 deletions(-) diff --git a/drv/hisi_sec.c b/drv/hisi_sec.c index 16fcb5f..aa86a6b 100644 --- a/drv/hisi_sec.c +++ b/drv/hisi_sec.c @@ -703,7 +703,7 @@ static void parse_cipher_bd2(struct hisi_sec_sqe *sqe, done = sqe->type2.done_flag & SEC_DONE_MASK; if (done != SEC_HW_TASK_DONE || sqe->type2.error_type) { - WD_ERR("SEC BD %s fail! done=0x%x, etype=0x%x\n", "cipher", + WD_ERR("failed to parse cipher BD2! done=0x%x, etype=0x%x\n", done, sqe->type2.error_type); recv_msg->result = WD_IN_EPARA; } else { @@ -927,7 +927,7 @@ int hisi_sec_cipher_send(handle_t ctx, struct wd_cipher_msg *msg) int ret; if (!msg) { - WD_ERR("input cipher msg is NULL!\n"); + WD_ERR("invalid: input cipher msg is NULL!\n"); return -WD_EINVAL; } @@ -1130,7 +1130,7 @@ int hisi_sec_cipher_send_v3(handle_t ctx, struct wd_cipher_msg *msg) int ret; if (!msg) { - WD_ERR("input cipher msg is NULL!\n"); + WD_ERR("invalid: input cipher msg is NULL!\n"); return -WD_EINVAL; } @@ -1175,7 +1175,7 @@ static void parse_cipher_bd3(struct hisi_sec_sqe3 *sqe, done = sqe->done_flag & SEC_DONE_MASK; if (done != SEC_HW_TASK_DONE || sqe->error_type) { - WD_ERR("SEC BD3 %s fail! done=0x%x, etype=0x%x\n", "cipher", + WD_ERR("failed to parse cipher BD3! done=0x%x, etype=0x%x\n", done, sqe->error_type); recv_msg->result = WD_IN_EPARA; } else { @@ -1278,7 +1278,7 @@ static void parse_digest_bd2(struct hisi_sec_sqe *sqe, done = sqe->type2.done_flag & SEC_DONE_MASK; if (done != SEC_HW_TASK_DONE || sqe->type2.error_type) { - WD_ERR("SEC BD %s fail! done=0x%x, etype=0x%x\n", "digest", + WD_ERR("failed to parse digest BD2! done=0x%x, etype=0x%x\n", done, sqe->type2.error_type); recv_msg->result = WD_IN_EPARA; } else { @@ -1354,7 +1354,7 @@ int hisi_sec_digest_send(handle_t ctx, struct wd_digest_msg *msg) int ret; if (!msg) { - WD_ERR("input digest msg is NULL!\n"); + WD_ERR("invalid: input digest msg is NULL!\n"); return -WD_EINVAL; } @@ -1510,7 +1510,7 @@ int hisi_sec_digest_send_v3(handle_t ctx, struct wd_digest_msg *msg) int ret; if (!msg) { - WD_ERR("input digest msg is NULL!\n"); + WD_ERR("invalid: input digest msg is NULL!\n"); return -WD_EINVAL; } @@ -1578,7 +1578,7 @@ static void parse_digest_bd3(struct hisi_sec_sqe3 *sqe, done = sqe->done_flag & SEC_DONE_MASK; if (done != SEC_HW_TASK_DONE || sqe->error_type) { - WD_ERR("SEC BD3 %s fail! done=0x%x, etype=0x%x\n", "digest", + WD_ERR("failed to parse digest BD3! done=0x%x, etype=0x%x\n", done, sqe->error_type); recv_msg->result = WD_IN_EPARA; } else { @@ -1927,7 +1927,7 @@ static void parse_aead_bd2(struct hisi_sec_sqe *sqe, icv = (sqe->type2.done_flag & SEC_ICV_MASK) >> 1; if (done != SEC_HW_TASK_DONE || sqe->type2.error_type || icv == SEC_HW_ICV_ERR) { - WD_ERR("SEC BD aead fail! done=0x%x, etype=0x%x, icv=0x%x\n", + WD_ERR("failed to parse aead BD2! done=0x%x, etype=0x%x, icv=0x%x\n", done, sqe->type2.error_type, icv); recv_msg->result = WD_IN_EPARA; } else { @@ -2195,7 +2195,7 @@ static void parse_aead_bd3(struct hisi_sec_sqe3 *sqe, icv = (sqe->done_flag & SEC_ICV_MASK) >> 1; if (done != SEC_HW_TASK_DONE || sqe->error_type || icv == SEC_HW_ICV_ERR) { - WD_ERR("SEC BD3 aead fail! done=0x%x, etype=0x%x, icv=0x%x\n", + WD_ERR("failed to parse aead BD3! done=0x%x, etype=0x%x, icv=0x%x\n", done, sqe->error_type, icv); recv_msg->result = WD_IN_EPARA; } else { diff --git a/wd_aead.c b/wd_aead.c index a78f152..7a33d4e 100644 --- a/wd_aead.c +++ b/wd_aead.c @@ -63,14 +63,14 @@ static void wd_aead_set_static_drv(void) { wd_aead_setting.driver = wd_aead_get_driver(); if (!wd_aead_setting.driver) - WD_ERR("fail to get driver\n"); + WD_ERR("failed to get driver!\n"); } #else static void __attribute__((constructor)) wd_aead_open_driver(void) { wd_aead_setting.dlhandle = dlopen("libhisi_sec.so", RTLD_NOW); if (!wd_aead_setting.dlhandle) - WD_ERR("failed to open libhisi_sec.so\n"); + WD_ERR("failed to open libhisi_sec.so!\n"); } static void __attribute__((destructor)) wd_aead_close_driver(void) @@ -344,7 +344,7 @@ static int aead_param_check(struct wd_aead_sess *sess, int ret; if (unlikely(!sess || !req)) { - WD_ERR("aead input sess or req is NULL.\n"); + WD_ERR("invalid: aead input sess or req is NULL!\n"); return -WD_EINVAL; } @@ -393,7 +393,7 @@ static int aead_param_check(struct wd_aead_sess *sess, static int aead_init_check(struct wd_ctx_config *config, struct wd_sched *sched) { if (!config || !config->ctxs || !config->ctxs[0].ctx || !sched) { - WD_ERR("wd aead config or sched is NULL!\n"); + WD_ERR("invalid: wd aead config or sched is NULL!\n"); return -WD_EINVAL; } @@ -593,7 +593,7 @@ int wd_do_aead_async(handle_t h_sess, struct wd_aead_req *req) return -WD_EINVAL; if (unlikely(!req->cb)) { - WD_ERR("aead input req cb is NULL.\n"); + WD_ERR("invalid: aead input req cb is NULL!\n"); return -WD_EINVAL; } @@ -646,7 +646,7 @@ int wd_aead_poll_ctx(__u32 idx, __u32 expt, __u32 *count) int ret; if (!count) { - WD_ERR("aead poll ctx input param is NULL!\n"); + WD_ERR("invalid: aead poll ctx input param is NULL!\n"); return -WD_EINVAL; } diff --git a/wd_cipher.c b/wd_cipher.c index 8daac0f..374b05e 100644 --- a/wd_cipher.c +++ b/wd_cipher.c @@ -75,14 +75,14 @@ static void wd_cipher_set_static_drv(void) { wd_cipher_setting.driver = wd_cipher_get_driver(); if (!wd_cipher_setting.driver) - WD_ERR("fail to get driver\n"); + WD_ERR("failed to get driver!\n"); } #else static void __attribute__((constructor)) wd_cipher_open_driver(void) { wd_cipher_setting.dlhandle = dlopen("libhisi_sec.so", RTLD_NOW); if (!wd_cipher_setting.dlhandle) - WD_ERR("fail to open libhisi_sec.so\n"); + WD_ERR("failed to open libhisi_sec.so!\n"); } static void __attribute__((destructor)) wd_cipher_close_driver(void) @@ -158,7 +158,7 @@ static int cipher_init_check(struct wd_ctx_config *config, struct wd_sched *sched) { if (!config || !config->ctxs || !config->ctxs[0].ctx || !sched) { - WD_ERR("wd cipher config or sched is NULL!\n"); + WD_ERR("invalid: wd cipher config or sched is NULL!\n"); return -WD_EINVAL; } @@ -177,7 +177,7 @@ int wd_cipher_set_key(handle_t h_sess, const __u8 *key, __u32 key_len) int ret; if (!key || !sess) { - WD_ERR("cipher set key input param err!\n"); + WD_ERR("invalid: cipher set key input param err!\n"); return -WD_EINVAL; } @@ -205,13 +205,13 @@ handle_t wd_cipher_alloc_sess(struct wd_cipher_sess_setup *setup) struct wd_cipher_sess *sess = NULL; if (unlikely(!setup)) { - WD_ERR("cipher input setup is NULL!\n"); + WD_ERR("invalid: cipher input setup is NULL!\n"); return (handle_t)0; } sess = malloc(sizeof(struct wd_cipher_sess)); if (!sess) { - WD_ERR("fail to alloc session memory!\n"); + WD_ERR("failed to alloc session memory!\n"); return (handle_t)0; } memset(sess, 0, sizeof(struct wd_cipher_sess)); @@ -235,7 +235,7 @@ void wd_cipher_free_sess(handle_t h_sess) struct wd_cipher_sess *sess = (struct wd_cipher_sess *)h_sess; if (unlikely(!sess)) { - WD_ERR("cipher input h_sess is NULL!\n"); + WD_ERR("invalid: cipher input h_sess is NULL!\n"); return; } @@ -386,12 +386,12 @@ static int wd_cipher_check_params(handle_t h_sess, int ret = 0; if (unlikely(!h_sess || !req)) { - WD_ERR("cipher input sess or req is NULL!\n"); + WD_ERR("invalid: cipher input sess or req is NULL!\n"); return -WD_EINVAL; } if (unlikely(mode == CTX_MODE_ASYNC && !req->cb)) { - WD_ERR("cipher req cb is NULL!\n"); + WD_ERR("invalid: cipher req cb is NULL!\n"); return -WD_EINVAL; } @@ -560,7 +560,7 @@ int wd_cipher_poll_ctx(__u32 idx, __u32 expt, __u32 *count) int ret; if (unlikely(!count)) { - WD_ERR("wd cipher poll ctx input param is NULL!\n"); + WD_ERR("invalid: cipher poll ctx input param is NULL!\n"); return -WD_EINVAL; } diff --git a/wd_digest.c b/wd_digest.c index f4d0075..c5030d0 100644 --- a/wd_digest.c +++ b/wd_digest.c @@ -62,7 +62,7 @@ static void wd_digest_set_static_drv(void) { wd_digest_setting.driver = wd_digest_get_driver(); if (!wd_digest_setting.driver) - WD_ERR("fail to get driver\n"); + WD_ERR("failed to get driver!\n"); } #else static void __attribute__((constructor)) wd_digest_open_driver(void) @@ -70,7 +70,7 @@ static void __attribute__((constructor)) wd_digest_open_driver(void) /* Fix me: vendor driver should be put in /usr/lib/wd/ */ wd_digest_setting.dlhandle = dlopen("libhisi_sec.so", RTLD_NOW); if (!wd_digest_setting.dlhandle) - WD_ERR("fail to open libhisi_sec.so\n"); + WD_ERR("failed to open libhisi_sec.so!\n"); } static void __attribute__((destructor)) wd_digest_close_driver(void) @@ -251,7 +251,7 @@ static int digest_param_check(struct wd_digest_sess *sess, int ret; if (unlikely(!sess || !req)) { - WD_ERR("digest input sess or req is NULL.\n"); + WD_ERR("invalid: digest input sess or req is NULL!\n"); return -WD_EINVAL; } @@ -397,7 +397,7 @@ int wd_do_digest_async(handle_t h_sess, struct wd_digest_req *req) return -WD_EINVAL; if (unlikely(!req->cb)) { - WD_ERR("digest input req cb is NULL.\n"); + WD_ERR("invalid: digest input req cb is NULL!\n"); return -WD_EINVAL; } @@ -450,7 +450,7 @@ int wd_digest_poll_ctx(__u32 idx, __u32 expt, __u32 *count) int ret; if (unlikely(!count)) { - WD_ERR("digest count is NULL.\n"); + WD_ERR("invalid: digest poll ctx input param is NULL!\n"); return -WD_EINVAL; } -- 2.33.0

1 0

Fw:[PATCH RFC 00/12] IOMMUFD Generic interface
by Zhangfei Gao 19 Mar '22

19 Mar '22

------------------ Original ------------------ From: "Jason Gunthorpe" <iommu(a)lists.linux-foundation.org>; Date: Sat, Mar 19, 2022 01:27 AM To:  Cc: "Jean-Philippe Brucker"<jean-philippe(a)linaro.org>;"Chaitanya Kulkarni"<chaitanyak(a)nvidia.com>;"kvm"<kvm(a)vger.kernel.org>;"Michael S. Tsirkin"<mst(a)redhat.com>;"Jason Wang"<jasowang(a)redhat.com>;"Cornelia Huck"<cohuck(a)redhat.com>;"Niklas Schnelle"<schnelle(a)linux.ibm.com>;"iommu"<iommu(a)lists.linux-foundation.org>;"Daniel Jordan"<daniel.m.jordan(a)oracle.com>;"Kevin Tian"<kevin.tian(a)intel.com>;"Alex Williamson"<alex.williamson(a)redhat.com>;"Joao Martins"<joao.m.martins(a)oracle.com>;"David Gibson"<david(a)gibson.dropbear.id.au>; Subject: [PATCH RFC 00/12] IOMMUFD Generic interface iommufd is the user API to control the IOMMU subsystem as it relates to managing IO page tables that point at user space memory. It takes over from drivers/vfio/vfio_iommu_type1.c (aka the VFIO container) which is the VFIO specific interface for a similar idea. We see a broad need for extended features, some being highly IOMMU device specific:  - Binding iommu_domain's to PASID/SSID  - Userspace page tables, for ARM, x86 and S390  - Kernel bypass'd invalidation of user page tables  - Re-use of the KVM page table in the IOMMU  - Dirty page tracking in the IOMMU  - Runtime Increase/Decrease of IOPTE size  - PRI support with faults resolved in userspace As well as a need to access these features beyond just VFIO, VDPA for instance, but other classes of accelerator HW are touching on these areas now too. The v1 series proposed re-using the VFIO type 1 data structure, however it was suggested that if we are doing this big update then we should also come with a data structure that solves the limitations that VFIO type1 has. Notably this addresses:  - Multiple IOAS/'containers' and multiple domains inside a single FD  - Single-pin operation no matter how many domains and containers use    a page  - A fine grained locking scheme supporting user managed concurrency for    multi-threaded map/unmap  - A pre-registration mechanism to optimize vIOMMU use cases by    pre-pinning pages  - Extended ioctl API that can manage these new objects and exposes    domains directly to user space  - domains are sharable between subsystems, eg VFIO and VDPA The bulk of this code is a new data structure design to track how the IOVAs are mapped to PFNs. iommufd intends to be general and consumable by any driver that wants to DMA to userspace. From a driver perspective it can largely be dropped in in-place of iommu_attach_device() and provides a uniform full feature set to all consumers. As this is a larger project this series is the first step. This series provides the iommfd "generic interface" which is designed to be suitable for applications like DPDK and VMM flows that are not optimized to specific HW scenarios. It is close to being a drop in replacement for the existing VFIO type 1. This is part two of three for an initial sequence:  - Move IOMMU Group security into the iommu layer    https://lore.kernel.org/linux-iommu/20220218005521.172832-1-baolu.lu@linux.…  * Generic IOMMUFD implementation  - VFIO ability to consume IOMMUFD    An early exploration of this is available here:     https://github.com/luxis1999/iommufd/commits/iommufd-v5.17-rc6 Various parts of the above extended features are in WIP stages currently to define how their IOCTL interface should work. At this point, using the draft VFIO series, unmodified qemu has been tested to operate using iommufd on x86 and ARM systems. Several people have contributed directly to this work: Eric Auger, Kevin Tian, Lu Baolu, Nicolin Chen, Yi L Liu. Many more have participated in the discussions that lead here, and provided ideas. Thanks to all! This is on github: https://github.com/jgunthorpe/linux/commits/iommufd # S390 in-kernel page table walker Cc: Niklas Schnelle <schnelle(a)linux.ibm.com> Cc: Matthew Rosato <mjrosato(a)linux.ibm.com> # AMD Dirty page tracking Cc: Joao Martins <joao.m.martins(a)oracle.com> # ARM SMMU Dirty page tracking Cc: Keqian Zhu <zhukeqian1(a)huawei.com> Cc: Shameerali Kolothum Thodi <shameerali.kolothum.thodi(a)huawei.com> # ARM SMMU nesting Cc: Eric Auger <eric.auger(a)redhat.com> Cc: Jean-Philippe Brucker <jean-philippe(a)linaro.org> # Map/unmap performance Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> # VDPA Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Jason Wang <jasowang(a)redhat.com> # Power Cc: David Gibson <david(a)gibson.dropbear.id.au> # vfio Cc: Alex Williamson <alex.williamson(a)redhat.com> Cc: Cornelia Huck <cohuck(a)redhat.com> Cc: kvm(a)vger.kernel.org # iommu Cc: iommu(a)lists.linux-foundation.org # Collaborators Cc: "Chaitanya Kulkarni" <chaitanyak(a)nvidia.com> Cc: Nicolin Chen <nicolinc(a)nvidia.com> Cc: Lu Baolu <baolu.lu(a)linux.intel.com> Cc: Kevin Tian <kevin.tian(a)intel.com> Cc: Yi Liu <yi.l.liu(a)intel.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> Jason Gunthorpe (11):   interval-tree: Add a utility to iterate over spans in an interval tree   iommufd: File descriptor, context, kconfig and makefiles   kernel/user: Allow user::locked_vm to be usable for iommufd   iommufd: PFN handling for iopt_pages   iommufd: Algorithms for PFN storage   iommufd: Data structure to provide IOVA to PFN mapping   iommufd: IOCTLs for the io_pagetable   iommufd: Add a HW pagetable object   iommufd: Add kAPI toward external drivers   iommufd: vfio container FD ioctl compatibility   iommufd: Add a selftest Kevin Tian (1):   iommufd: Overview documentation  Documentation/userspace-api/index.rst         |    1 +  .../userspace-api/ioctl/ioctl-number.rst      |    1 +  Documentation/userspace-api/iommufd.rst       |  224 +++  MAINTAINERS                                   |   10 +  drivers/iommu/Kconfig                         |    1 +  drivers/iommu/Makefile                        |    2 +-  drivers/iommu/iommufd/Kconfig                 |   22 +  drivers/iommu/iommufd/Makefile                |   13 +  drivers/iommu/iommufd/device.c                |  274 ++++  drivers/iommu/iommufd/hw_pagetable.c          |  142 ++  drivers/iommu/iommufd/io_pagetable.c          |  890 +++++++++++  drivers/iommu/iommufd/io_pagetable.h          |  170 +++  drivers/iommu/iommufd/ioas.c                  |  252 ++++  drivers/iommu/iommufd/iommufd_private.h       |  231 +++  drivers/iommu/iommufd/iommufd_test.h          |   65 +  drivers/iommu/iommufd/main.c                  |  346 +++++  drivers/iommu/iommufd/pages.c                 | 1321 +++++++++++++++++  drivers/iommu/iommufd/selftest.c              |  495 ++++++  drivers/iommu/iommufd/vfio_compat.c           |  401 +++++  include/linux/interval_tree.h                 |   41 +  include/linux/iommufd.h                       |   50 +  include/linux/sched/user.h                    |    2 +-  include/uapi/linux/iommufd.h                  |  223 +++  kernel/user.c                                 |    1 +  lib/interval_tree.c                           |   98 ++  tools/testing/selftests/Makefile              |    1 +  tools/testing/selftests/iommu/.gitignore      |    2 +  tools/testing/selftests/iommu/Makefile        |   11 +  tools/testing/selftests/iommu/config          |    2 +  tools/testing/selftests/iommu/iommufd.c       | 1225 +++++++++++++++  30 files changed, 6515 insertions(+), 2 deletions(-)  create mode 100644 Documentation/userspace-api/iommufd.rst  create mode 100644 drivers/iommu/iommufd/Kconfig  create mode 100644 drivers/iommu/iommufd/Makefile  create mode 100644 drivers/iommu/iommufd/device.c  create mode 100644 drivers/iommu/iommufd/hw_pagetable.c  create mode 100644 drivers/iommu/iommufd/io_pagetable.c  create mode 100644 drivers/iommu/iommufd/io_pagetable.h  create mode 100644 drivers/iommu/iommufd/ioas.c  create mode 100644 drivers/iommu/iommufd/iommufd_private.h  create mode 100644 drivers/iommu/iommufd/iommufd_test.h  create mode 100644 drivers/iommu/iommufd/main.c  create mode 100644 drivers/iommu/iommufd/pages.c  create mode 100644 drivers/iommu/iommufd/selftest.c  create mode 100644 drivers/iommu/iommufd/vfio_compat.c  create mode 100644 include/linux/iommufd.h  create mode 100644 include/uapi/linux/iommufd.h  create mode 100644 tools/testing/selftests/iommu/.gitignore  create mode 100644 tools/testing/selftests/iommu/Makefile  create mode 100644 tools/testing/selftests/iommu/config  create mode 100644 tools/testing/selftests/iommu/iommufd.c base-commit: d1c716ed82a6bf4c35ba7be3741b9362e84cd722 -- 2.35.1 _______________________________________________ iommu mailing list iommu(a)lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu

1 0

[PATCH] rsa: bugfix about redundant and inefficient operations
by Zhiqi Song 16 Mar '22

16 Mar '22

Includes: 1. Remove redundant judgment conditions. 2. Remove redundant function parameters. 3. Remove the redundant operation in soft RSA keygen method. 4. Use more efficient BN memory allocation method, and add judgment of the results. Signed-off-by: Zhiqi Song <songzhiqi1(a)huawei.com> --- src/uadk_rsa.c | 331 ++++++++++++++++++++++--------------------------- 1 file changed, 148 insertions(+), 183 deletions(-) diff --git a/src/uadk_rsa.c b/src/uadk_rsa.c index 1488b98..821cb78 100644 --- a/src/uadk_rsa.c +++ b/src/uadk_rsa.c @@ -143,7 +143,7 @@ enum { static int rsa_check_bit_useful(const int bits, int flen) { - if (!flen && flen > bits) + if (flen > bits) return SOFT; if (bits < RSA_MIN_MODULUS_BITS) @@ -411,8 +411,8 @@ static int get_rsa_prime_param(struct rsa_prime_param *param, BN_CTX *ctx) return UADK_E_SUCCESS; end: - fprintf(stderr, "failed to malloc params\n"); - return UADK_E_FAIL; + fprintf(stderr, "failed to allocate rsa prime params\n"); + return -ENOMEM; } static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p, @@ -433,13 +433,11 @@ static int rsa_primes_gen(int bits, BIGNUM *e_pub, BIGNUM *p, BN_CTX_start(ctx); param = OPENSSL_zalloc(sizeof(struct rsa_prime_param)); - if (!param) { - fprintf(stderr, "failed to malloc rsa prime param\n"); + if (!param) goto free_ctx; - } ret = get_rsa_prime_param(param, ctx); - if (!ret) + if (ret != UADK_E_SUCCESS) goto free_param; /* Divide bits into 'primes' pieces evenly */ @@ -624,9 +622,10 @@ static int rsa_get_sign_res(int padding, BIGNUM *to_bn, const BIGNUM *n, return UADK_E_SUCCESS; } -static int rsa_get_verify_res(int padding, BIGNUM *to_bn, const BIGNUM *n, - BIGNUM *ret_bn) +static int rsa_get_verify_res(int padding, const BIGNUM *n, BIGNUM *ret_bn) { + BIGNUM *to_bn = NULL; + if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret_bn)[0] & 0xf) != 0x0c)) { if (!BN_sub(to_bn, n, ret_bn)) @@ -840,6 +839,7 @@ static struct uadk_rsa_sess *rsa_new_eng_session(RSA *rsa) rsa_sess = OPENSSL_malloc(sizeof(struct uadk_rsa_sess)); if (!rsa_sess) return NULL; + memset(rsa_sess, 0, sizeof(struct uadk_rsa_sess)); rsa_sess->alg = rsa; rsa_sess->is_prikey_ready = UN_SET; @@ -971,23 +971,44 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, struct rsa_keygen_param_bn *bn_param) { struct wd_rsa_kg_out *out = (struct wd_rsa_kg_out *)req->dst; + struct wd_dtb wd_d, wd_n, wd_qinv, wd_dq, wd_dp; + BIGNUM *dmp1, *dmq1, *iqmp, *n, *d; unsigned int key_bits, key_size; - BIGNUM *dmp1 = BN_new(); - BIGNUM *dmq1 = BN_new(); - BIGNUM *iqmp = BN_new(); - BIGNUM *n = BN_new(); - BIGNUM *d = BN_new(); - struct wd_dtb wd_d; - struct wd_dtb wd_n; - struct wd_dtb wd_qinv; - struct wd_dtb wd_dq; - struct wd_dtb wd_dp; + BN_CTX *bn_ctx; key_bits = wd_rsa_get_key_bits(ctx); + if (!key_bits) + return UADK_E_FAIL; + key_size = key_bits >> BIT_BYTES_SHIFT; wd_rsa_get_kg_out_params(out, &wd_d, &wd_n); wd_rsa_get_kg_out_crt_params(out, &wd_qinv, &wd_dq, &wd_dp); + bn_ctx = BN_CTX_new(); + if (!bn_ctx) + return UADK_E_FAIL; + + BN_CTX_start(bn_ctx); + dmp1 = BN_CTX_get(bn_ctx); + if (!dmp1) + goto free_bn_ctx; + + dmq1 = BN_CTX_get(bn_ctx); + if (!dmq1) + goto free_bn_ctx; + + iqmp = BN_CTX_get(bn_ctx); + if (!iqmp) + goto free_bn_ctx; + + n = BN_CTX_get(bn_ctx); + if (!n) + goto free_bn_ctx; + + d = BN_CTX_get(bn_ctx); + if (!d) + goto free_bn_ctx; + BN_bin2bn((unsigned char *)wd_d.data, key_size, d); BN_bin2bn((unsigned char *)wd_n.data, key_size, n); BN_bin2bn((unsigned char *)wd_qinv.data, wd_qinv.dsize, iqmp); @@ -997,16 +1018,13 @@ static int rsa_get_keygen_param(struct wd_rsa_req *req, if (!(RSA_set0_key(rsa, n, bn_param->e, d) && RSA_set0_factors(rsa, bn_param->p, bn_param->q) && RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))) - goto bn_free; + goto free_bn_ctx; return UADK_E_SUCCESS; -bn_free: - BN_clear_free(dmp1); - BN_clear_free(dmq1); - BN_clear_free(iqmp); - BN_clear_free(n); - BN_clear_free(d); +free_bn_ctx: + BN_CTX_end(bn_ctx); + BN_CTX_free(bn_ctx); return UADK_E_FAIL; } @@ -1093,20 +1111,11 @@ err: static int uadk_e_soft_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) { - const RSA_METHOD *default_meth = RSA_PKCS1_OpenSSL(); int ret; - if (!default_meth) { - fprintf(stderr, "failed to get soft method.\n"); - return UADK_E_FAIL; - } - UNUSED(cb); - RSA_set_method(rsa, default_meth); ret = RSA_generate_key_ex(rsa, bits, e, NULL); - RSA_set_method(rsa, rsa_hw_meth); - return ret; } @@ -1131,7 +1140,7 @@ static int rsa_fill_keygen_data(struct uadk_rsa_sess *rsa_sess, return UADK_E_FAIL; wd_rsa_get_crt_prikey_params(key_pair->prikey, NULL, NULL, NULL, - &keygen_param->wd_q, &keygen_param->wd_p); + &keygen_param->wd_q, &keygen_param->wd_p); if (!keygen_param->wd_q || !keygen_param->wd_p) return UADK_E_FAIL; @@ -1170,9 +1179,11 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param, struct rsa_keygen_param_bn **keygen_bn_param, struct rsa_keypair **key_pair) { + BN_CTX *bn_ctx; + *keygen_param = OPENSSL_malloc(sizeof(struct rsa_keygen_param)); if (!(*keygen_param)) - return -ENOMEM; + goto err; *keygen_bn_param = (struct rsa_keygen_param_bn *) OPENSSL_malloc(sizeof(struct rsa_keygen_param_bn)); @@ -1183,16 +1194,35 @@ static int rsa_keygen_param_alloc(struct rsa_keygen_param **keygen_param, if (!(*key_pair)) goto free_keygen_bn_param; - (*keygen_bn_param)->e = BN_new(); - (*keygen_bn_param)->p = BN_new(); - (*keygen_bn_param)->q = BN_new(); + bn_ctx = BN_CTX_new(); + if (!bn_ctx) + goto free_key_pair; + + BN_CTX_start(bn_ctx); + (*keygen_bn_param)->e = BN_CTX_get(bn_ctx); + if (!(*keygen_bn_param)->e) + goto free_bn_ctx; + + (*keygen_bn_param)->p = BN_CTX_get(bn_ctx); + if (!(*keygen_bn_param)->p) + goto free_bn_ctx; + + (*keygen_bn_param)->q = BN_CTX_get(bn_ctx); + if (!(*keygen_bn_param)->q) + goto free_bn_ctx; return UADK_E_SUCCESS; +free_bn_ctx: + BN_CTX_end(bn_ctx); + BN_CTX_free(bn_ctx); +free_key_pair: + OPENSSL_free(*key_pair); free_keygen_bn_param: OPENSSL_free(*keygen_bn_param); free_keygen_param: OPENSSL_free(*keygen_param); +err: return -ENOMEM; } @@ -1236,81 +1266,56 @@ static void rsa_pkey_param_free(struct rsa_pubkey_param **pub, } static int rsa_create_pub_bn_ctx(RSA *rsa, struct rsa_pubkey_param *pub, - BN_CTX **bn_ctx, unsigned char **from_buf) + unsigned char **from_buf, int *num_bytes) { - BIGNUM *ret_bn; - int num_bytes; - RSA_get0_key(rsa, &pub->n, &pub->e, NULL); - - *bn_ctx = BN_CTX_new(); - if (!(*bn_ctx)) + if (!(pub->n) || !(pub->e)) return UADK_E_FAIL; - BN_CTX_start(*bn_ctx); - ret_bn = BN_CTX_get(*bn_ctx); - if (!ret_bn) - goto err; - - num_bytes = BN_num_bytes(pub->n); - if (!num_bytes) - goto err; + *num_bytes = BN_num_bytes(pub->n); + if (!(*num_bytes)) + return UADK_E_FAIL; - *from_buf = OPENSSL_malloc(num_bytes); + *from_buf = OPENSSL_malloc(*num_bytes); if (!(*from_buf)) - goto err; + return -ENOMEM; return UADK_E_SUCCESS; - -err: - BN_CTX_free(*bn_ctx); - return UADK_E_FAIL; } -static void rsa_free_pub_bn_ctx(BN_CTX **bn_ctx, unsigned char **from_buf) +static void rsa_free_pub_bn_ctx(unsigned char **from_buf) { - BN_CTX_free(*bn_ctx); - OPENSSL_free(*from_buf); } static int rsa_create_pri_bn_ctx(RSA *rsa, struct rsa_prikey_param *pri, - BN_CTX **bn_ctx, unsigned char **from_buf) + unsigned char **from_buf, int *num_bytes) { - BIGNUM *ret_bn; - int num_bytes; - RSA_get0_key(rsa, &pri->n, &pri->e, &pri->d); - RSA_get0_factors(rsa, &pri->p, &pri->q); - RSA_get0_crt_params(rsa, &pri->dmp1, &pri->dmq1, &pri->iqmp); + if (!(pri->n) || !(pri->e) || !(pri->d)) + return UADK_E_FAIL; - *bn_ctx = BN_CTX_new(); - if (!(*bn_ctx)) + RSA_get0_factors(rsa, &pri->p, &pri->q); + if (!(pri->p) || !(pri->q)) return UADK_E_FAIL; - BN_CTX_start(*bn_ctx); - ret_bn = BN_CTX_get(*bn_ctx); - if (!ret_bn) - goto err; + RSA_get0_crt_params(rsa, &pri->dmp1, &pri->dmq1, &pri->iqmp); + if (!(pri->dmp1) || !(pri->dmq1) || !(pri->iqmp)) + return UADK_E_FAIL; - num_bytes = BN_num_bytes(pri->n); - if (!num_bytes) - goto err; + *num_bytes = BN_num_bytes(pri->n); + if (!(*num_bytes)) + return UADK_E_FAIL; - *from_buf = OPENSSL_malloc(num_bytes); + *from_buf = OPENSSL_malloc(*num_bytes); if (!(*from_buf)) - goto err; + return -ENOMEM; return UADK_E_SUCCESS; -err: - BN_CTX_free(*bn_ctx); - return UADK_E_FAIL; } -static void rsa_free_pri_bn_ctx(BN_CTX **bn_ctx, unsigned char **from_buf) +static void rsa_free_pri_bn_ctx(unsigned char **from_buf) { - BN_CTX_free(*bn_ctx); - OPENSSL_free(*from_buf); } @@ -1318,14 +1323,13 @@ static int uadk_e_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) { struct rsa_keygen_param *keygen_param = NULL; struct rsa_keygen_param_bn *bn_param = NULL; + struct uadk_rsa_sess *rsa_sess = NULL; struct rsa_keypair *key_pair = NULL; - struct uadk_rsa_sess *rsa_sess; int is_crt = 1; - int key_size; int ret; - key_size = rsa_check_bit_useful(bits, 0); - if (!key_size || key_size == SOFT) + ret = rsa_check_bit_useful(bits, 0); + if (!ret || ret == SOFT) goto exe_soft; ret = uadk_e_rsa_init(); @@ -1388,14 +1392,11 @@ exe_soft: static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { + struct uadk_rsa_sess *rsa_sess = NULL; struct rsa_pubkey_param *pub = NULL; - struct uadk_rsa_sess *rsa_sess; unsigned char *from_buf = NULL; + int num_bytes, is_crt, ret; BIGNUM *ret_bn = NULL; - BN_CTX *bn_ctx = NULL; - int num_bytes; - int is_crt; - int ret; ret = check_rsa_input_para(flen, from, to, rsa); if (!ret || ret == SOFT) @@ -1417,18 +1418,12 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, goto free_pkey; } - ret = rsa_create_pub_bn_ctx(rsa, pub, &bn_ctx, &from_buf); - if (!ret) { + ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes); + if (ret <= 0 || flen > num_bytes) { ret = UADK_DO_SOFT; goto free_sess; } - num_bytes = BN_num_bytes(pub->n); - if (flen > num_bytes) { - ret = UADK_DO_SOFT; - goto free_buf; - } - ret = add_rsa_pubenc_padding(flen, from, from_buf, num_bytes, padding); if (!ret) { ret = UADK_DO_SOFT; @@ -1448,7 +1443,7 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, } ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, - rsa_sess->req.dst_bytes, ret_bn); + rsa_sess->req.dst_bytes, NULL); if (!ret_bn) { ret = UADK_DO_SOFT; goto free_buf; @@ -1457,11 +1452,13 @@ static int uadk_e_rsa_public_encrypt(int flen, const unsigned char *from, ret = BN_bn2binpad(ret_bn, to, num_bytes); if (ret == -1) { ret = UADK_DO_SOFT; - goto free_buf; + goto free_bn; } +free_bn: + BN_free(ret_bn); free_buf: - rsa_free_pub_bn_ctx(&bn_ctx, &from_buf); + rsa_free_pub_bn_ctx(&from_buf); free_sess: rsa_free_eng_session(rsa_sess); free_pkey: @@ -1480,11 +1477,8 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, struct rsa_prikey_param *pri = NULL; unsigned char *from_buf = NULL; struct uadk_rsa_sess *rsa_sess; + int num_bytes, len, ret; BIGNUM *ret_bn = NULL; - BN_CTX *bn_ctx = NULL; - int num_bytes; - int ret; - int len; ret = check_rsa_input_para(flen, from, to, rsa); if (!ret || ret == SOFT) @@ -1506,18 +1500,12 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, goto free_pkey; } - ret = rsa_create_pri_bn_ctx(rsa, pri, &bn_ctx, &from_buf); - if (!ret) { + ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes); + if (ret <= 0 || flen > num_bytes) { ret = UADK_DO_SOFT; goto free_sess; } - num_bytes = BN_num_bytes(pri->n); - if (flen > num_bytes) { - ret = UADK_DO_SOFT; - goto free_buf; - } - ret = rsa_fill_prikey(rsa, rsa_sess, pri, from_buf, to); if (!ret) { ret = UADK_DO_SOFT; @@ -1533,7 +1521,7 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, } ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, - rsa_sess->req.dst_bytes, ret_bn); + rsa_sess->req.dst_bytes, NULL); if (!ret_bn) { ret = UADK_DO_SOFT; goto free_buf; @@ -1542,17 +1530,19 @@ static int uadk_e_rsa_private_decrypt(int flen, const unsigned char *from, len = BN_bn2binpad(ret_bn, from_buf, num_bytes); if (!len) { ret = UADK_DO_SOFT; - goto free_buf; + goto free_bn; } ret = check_rsa_pridec_padding(to, num_bytes, from_buf, len, padding); if (!ret) { ret = UADK_DO_SOFT; - goto free_buf; + goto free_bn; } +free_bn: + BN_free(ret_bn); free_buf: - rsa_free_pri_bn_ctx(&bn_ctx, &from_buf); + rsa_free_pri_bn_ctx(&from_buf); free_sess: rsa_free_eng_session(rsa_sess); free_pkey: @@ -1568,14 +1558,13 @@ exe_soft: static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { + struct uadk_rsa_sess *rsa_sess = NULL; struct rsa_prikey_param *pri = NULL; - struct uadk_rsa_sess *rsa_sess; unsigned char *from_buf = NULL; - BIGNUM *to_bn, *ret_bn; - BN_CTX *bn_ctx = NULL; + BIGNUM *ret_bn = NULL; + BIGNUM *to_bn = NULL; BIGNUM *res = NULL; - int num_bytes; - int ret; + int num_bytes, ret; ret = check_rsa_input_para(flen, from, to, rsa); if (!ret || ret == SOFT) @@ -1597,36 +1586,18 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, goto free_pkey; } - ret = rsa_create_pri_bn_ctx(rsa, pri, &bn_ctx, &from_buf); - if (!ret) { + ret = rsa_create_pri_bn_ctx(rsa, pri, &from_buf, &num_bytes); + if (ret <= 0 || flen > num_bytes) { ret = UADK_DO_SOFT; goto free_sess; } - to_bn = BN_CTX_get(bn_ctx); - if (!to_bn) { - ret = UADK_DO_SOFT; - goto free_buf; - } - - num_bytes = BN_num_bytes(pri->n); - if (flen > num_bytes) { - ret = UADK_DO_SOFT; - goto free_buf; - } - ret = add_rsa_prienc_padding(flen, from, from_buf, num_bytes, padding); if (!ret) { ret = UADK_DO_SOFT; goto free_buf; } - ret_bn = BN_bin2bn(from_buf, num_bytes, to_bn); - if (!ret_bn) { - ret = UADK_DO_SOFT; - goto free_buf; - } - ret = rsa_fill_prikey(rsa, rsa_sess, pri, from_buf, to); if (!ret) { ret = UADK_DO_SOFT; @@ -1639,24 +1610,33 @@ static int uadk_e_rsa_private_sign(int flen, const unsigned char *from, goto free_buf; } - ret_bn = NULL; ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, - rsa_sess->req.dst_bytes, ret_bn); + rsa_sess->req.dst_bytes, NULL); if (!ret_bn) { ret = UADK_DO_SOFT; goto free_buf; } + to_bn = BN_bin2bn(from_buf, num_bytes, NULL); + if (!to_bn) { + ret = UADK_DO_SOFT; + goto free_ret_bn; + } + ret = rsa_get_sign_res(padding, to_bn, pri->n, ret_bn, &res); if (!ret) { ret = UADK_DO_SOFT; - goto free_buf; + goto free_to_bn; } ret = BN_bn2binpad(res, to, num_bytes); +free_to_bn: + BN_free(to_bn); +free_ret_bn: + BN_free(ret_bn); free_buf: - rsa_free_pri_bn_ctx(&bn_ctx, &from_buf); + rsa_free_pri_bn_ctx(&from_buf); free_sess: rsa_free_eng_session(rsa_sess); free_pkey: @@ -1672,15 +1652,11 @@ exe_soft: static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { - struct uadk_rsa_sess *rsa_sess; + struct uadk_rsa_sess *rsa_sess = NULL; + struct rsa_pubkey_param *pub = NULL; + int num_bytes, is_crt, len, ret; unsigned char *from_buf = NULL; - struct rsa_pubkey_param *pub; - BIGNUM *ret_bn, *to_bn; - BN_CTX *bn_ctx = NULL; - int num_bytes; - int is_crt; - int ret; - int len; + BIGNUM *ret_bn = NULL; ret = check_rsa_input_para(flen, from, to, rsa); if (!ret) @@ -1704,25 +1680,12 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, goto free_pkey; } - ret = rsa_create_pub_bn_ctx(rsa, pub, &bn_ctx, &from_buf); - if (!ret) { + ret = rsa_create_pub_bn_ctx(rsa, pub, &from_buf, &num_bytes); + if (ret <= 0 || flen > num_bytes) { ret = UADK_DO_SOFT; goto free_sess; } - to_bn = BN_CTX_get(bn_ctx); - if (!to_bn) { - ret = UADK_DO_SOFT; - goto free_buf; - } - - num_bytes = BN_num_bytes(pub->n); - ret_bn = BN_bin2bn(from_buf, num_bytes, to_bn); - if (!ret_bn) { - ret = UADK_DO_SOFT; - goto free_buf; - } - ret = rsa_fill_pubkey(pub, rsa_sess, from_buf, to); if (!ret) { ret = UADK_DO_SOFT; @@ -1736,34 +1699,35 @@ static int uadk_e_rsa_public_verify(int flen, const unsigned char *from, goto free_buf; } - ret_bn = NULL; ret_bn = BN_bin2bn((const unsigned char *)rsa_sess->req.dst, - rsa_sess->req.dst_bytes, ret_bn); + rsa_sess->req.dst_bytes, NULL); if (!ret_bn) { ret = UADK_DO_SOFT; goto free_buf; } - ret = rsa_get_verify_res(padding, to_bn, pub->n, ret_bn); + ret = rsa_get_verify_res(padding, pub->n, ret_bn); if (!ret) { ret = UADK_DO_SOFT; - goto free_buf; + goto free_bn; } len = BN_bn2binpad(ret_bn, from_buf, num_bytes); if (!len) { ret = UADK_DO_SOFT; - goto free_buf; + goto free_bn; } ret = check_rsa_pubdec_padding(to, num_bytes, from_buf, len, padding); if (!ret) { ret = UADK_DO_SOFT; - goto free_buf; + goto free_bn; } +free_bn: + BN_free(ret_bn); free_buf: - rsa_free_pub_bn_ctx(&bn_ctx, &from_buf); + rsa_free_pub_bn_ctx(&from_buf); free_sess: rsa_free_eng_session(rsa_sess); free_pkey: @@ -1786,7 +1750,7 @@ static RSA_METHOD *uadk_e_get_rsa_sw_methods(void) (void)RSA_meth_set_priv_enc(rsa_sw_meth, RSA_meth_get_priv_enc(meth)); (void)RSA_meth_set_pub_dec(rsa_sw_meth, RSA_meth_get_pub_dec(meth)); (void)RSA_meth_set_priv_dec(rsa_sw_meth, RSA_meth_get_priv_dec(meth)); - (void)RSA_meth_set_keygen(rsa_sw_meth, RSA_meth_get_keygen(meth)); + (void)RSA_meth_set_keygen(rsa_sw_meth, uadk_e_soft_rsa_keygen); (void)RSA_meth_set_mod_exp(rsa_sw_meth, RSA_meth_get_mod_exp(meth)); (void)RSA_meth_set_bn_mod_exp(rsa_sw_meth, RSA_meth_get_bn_mod_exp(meth)); @@ -1798,6 +1762,7 @@ static RSA_METHOD *uadk_e_get_rsa_hw_methods(void) { if (rsa_hw_meth) return rsa_hw_meth; + rsa_hw_meth = RSA_meth_new("uadk hardware rsa method", 0); if (!rsa_hw_meth) { fprintf(stderr, "failed to allocate rsa hardware method\n"); -- 2.33.0

1 0