diff --git a/Makefile.am b/Makefile.am index d462d2a0..5944addd 100644 --- a/Makefile.am +++ b/Makefile.am @@ -30,26 +30,28 @@ if !QAT_BORINGSSL qat_evp.c if QAT_PROVIDER - QAT_PROV_SRC = qat_prov_init.c \ - qat_prov_kmgmt_rsa.c \ - qat_prov_sign_rsa.c \ - qat_prov_rsa.c \ - qat_prov_kmgmt_ecx.c \ - qat_prov_exch_ecx.c \ - qat_prov_hw_ecx.c \ - qat_prov_sw_ecx.c \ - qat_prov_ciphers.c \ - qat_prov_kmgmt_ec.c \ - qat_prov_ecdsa.c \ - qat_prov_ecdh.c \ - qat_prov_dsa.c \ - qat_prov_kmgmt_dsa.c \ - qat_prov_dh.c \ - qat_prov_kmgmt_dh.c \ - qat_prov_hkdf.c \ - qat_prov_prf.c \ - qat_prov_cbc.c \ - qat_prov_sha3.c + QAT_PROV_SRC = qat_prov_init.c \ + qat_prov_kmgmt_rsa.c \ + qat_prov_sign_rsa.c \ + qat_prov_rsa.c \ + qat_prov_kmgmt_ecx.c \ + qat_prov_exch_ecx.c \ + qat_prov_hw_ecx.c \ + qat_prov_sw_ecx.c \ + qat_prov_ciphers.c \ + qat_prov_kmgmt_ec.c \ + qat_prov_ecdsa.c \ + qat_prov_ecdh.c \ + qat_prov_dsa.c \ + qat_prov_kmgmt_dsa.c \ + qat_prov_dh.c \ + qat_prov_kmgmt_dh.c \ + qat_prov_hkdf.c \ + qat_prov_prf.c \ + qat_prov_cbc.c \ + qat_prov_sha3.c \ + qat_prov_bio.c \ + qat_prov_capabilities.c endif diff --git a/qat_hw_gcm.c b/qat_hw_gcm.c index cdf9f990..89dea9a5 100644 --- a/qat_hw_gcm.c +++ b/qat_hw_gcm.c @@ -184,8 +184,12 @@ static int qat_session_data_init(EVP_CIPHER_CTX *ctx, qctx->session_data->cipherSetupData.cipherKeyLenInBytes = (Cpa32U)EVP_CIPHER_CTX_key_length(ctx); #endif - if (qctx->key_set) + if (qctx->key_set){ qctx->session_data->cipherSetupData.pCipherKey = (Cpa8U *)qctx->cipher_key; +#ifdef QAT_OPENSSL_PROVIDER + qctx->session_data->cipherSetupData.cipherKeyLenInBytes = (Cpa32U)qctx->keylen; +#endif + } /* Operation to perform */ if (enc) { diff --git a/qat_prov_bio.c b/qat_prov_bio.c new file mode 100644 index 00000000..04414d56 --- /dev/null +++ b/qat_prov_bio.c @@ -0,0 +1,242 @@ +#include +#include +#include +#include "qat_prov_bio.h" + +static OSSL_FUNC_BIO_new_file_fn *c_bio_new_file = NULL; +static OSSL_FUNC_BIO_new_membuf_fn *c_bio_new_membuf = NULL; +static OSSL_FUNC_BIO_read_ex_fn *c_bio_read_ex = NULL; +static OSSL_FUNC_BIO_write_ex_fn *c_bio_write_ex = NULL; +static OSSL_FUNC_BIO_gets_fn *c_bio_gets = NULL; +static OSSL_FUNC_BIO_puts_fn *c_bio_puts = NULL; +static OSSL_FUNC_BIO_ctrl_fn *c_bio_ctrl = NULL; +static OSSL_FUNC_BIO_up_ref_fn *c_bio_up_ref = NULL; +static OSSL_FUNC_BIO_free_fn *c_bio_free = NULL; +static OSSL_FUNC_BIO_vprintf_fn *c_bio_vprintf = NULL; + +int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns) +{ + for (; fns->function_id != 0; fns++) { + switch (fns->function_id) { + case OSSL_FUNC_BIO_NEW_FILE: + if (c_bio_new_file == NULL) + c_bio_new_file = OSSL_FUNC_BIO_new_file(fns); + break; + case OSSL_FUNC_BIO_NEW_MEMBUF: + if (c_bio_new_membuf == NULL) + c_bio_new_membuf = OSSL_FUNC_BIO_new_membuf(fns); + break; + case OSSL_FUNC_BIO_READ_EX: + if (c_bio_read_ex == NULL) + c_bio_read_ex = OSSL_FUNC_BIO_read_ex(fns); + break; + case OSSL_FUNC_BIO_WRITE_EX: + if (c_bio_write_ex == NULL) + c_bio_write_ex = OSSL_FUNC_BIO_write_ex(fns); + break; + case OSSL_FUNC_BIO_GETS: + if (c_bio_gets == NULL) + c_bio_gets = OSSL_FUNC_BIO_gets(fns); + break; + case OSSL_FUNC_BIO_PUTS: + if (c_bio_puts == NULL) + c_bio_puts = OSSL_FUNC_BIO_puts(fns); + break; + case OSSL_FUNC_BIO_CTRL: + if (c_bio_ctrl == NULL) + c_bio_ctrl = OSSL_FUNC_BIO_ctrl(fns); + break; + case OSSL_FUNC_BIO_UP_REF: + if (c_bio_up_ref == NULL) + c_bio_up_ref = OSSL_FUNC_BIO_up_ref(fns); + break; + case OSSL_FUNC_BIO_FREE: + if (c_bio_free == NULL) + c_bio_free = OSSL_FUNC_BIO_free(fns); + break; + case OSSL_FUNC_BIO_VPRINTF: + if (c_bio_vprintf == NULL) + c_bio_vprintf = OSSL_FUNC_BIO_vprintf(fns); + break; + } + } + + return 1; +} + +OSSL_CORE_BIO *ossl_prov_bio_new_file(const char *filename, const char *mode) +{ + if (c_bio_new_file == NULL) + return NULL; + return c_bio_new_file(filename, mode); +} + +OSSL_CORE_BIO *ossl_prov_bio_new_membuf(const char *filename, int len) +{ + if (c_bio_new_membuf == NULL) + return NULL; + return c_bio_new_membuf(filename, len); +} + +int ossl_prov_bio_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len, + size_t *bytes_read) +{ + if (c_bio_read_ex == NULL) + return 0; + return c_bio_read_ex(bio, data, data_len, bytes_read); +} + +int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len, + size_t *written) +{ + if (c_bio_write_ex == NULL) + return 0; + return c_bio_write_ex(bio, data, data_len, written); +} + +int ossl_prov_bio_gets(OSSL_CORE_BIO *bio, char *buf, int size) +{ + if (c_bio_gets == NULL) + return -1; + return c_bio_gets(bio, buf, size); +} + +int ossl_prov_bio_puts(OSSL_CORE_BIO *bio, const char *str) +{ + if (c_bio_puts == NULL) + return -1; + return c_bio_puts(bio, str); +} + +int ossl_prov_bio_ctrl(OSSL_CORE_BIO *bio, int cmd, long num, void *ptr) +{ + if (c_bio_ctrl == NULL) + return -1; + return c_bio_ctrl(bio, cmd, num, ptr); +} + +int ossl_prov_bio_up_ref(OSSL_CORE_BIO *bio) +{ + if (c_bio_up_ref == NULL) + return 0; + return c_bio_up_ref(bio); +} + +int ossl_prov_bio_free(OSSL_CORE_BIO *bio) +{ + if (c_bio_free == NULL) + return 0; + return c_bio_free(bio); +} + +int ossl_prov_bio_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list ap) +{ + if (c_bio_vprintf == NULL) + return -1; + return c_bio_vprintf(bio, format, ap); +} + +int ossl_prov_bio_printf(OSSL_CORE_BIO *bio, const char *format, ...) +{ + va_list ap; + int ret; + + va_start(ap, format); + ret = ossl_prov_bio_vprintf(bio, format, ap); + va_end(ap); + + return ret; +} + +#ifndef FIPS_MODULE + +/* No direct BIO support in the FIPS module */ + +static int bio_core_read_ex(BIO *bio, char *data, size_t data_len, + size_t *bytes_read) +{ + return ossl_prov_bio_read_ex(BIO_get_data(bio), data, data_len, bytes_read); +} + +static int bio_core_write_ex(BIO *bio, const char *data, size_t data_len, + size_t *written) +{ + return ossl_prov_bio_write_ex(BIO_get_data(bio), data, data_len, written); +} + +static long bio_core_ctrl(BIO *bio, int cmd, long num, void *ptr) +{ + return ossl_prov_bio_ctrl(BIO_get_data(bio), cmd, num, ptr); +} + +static int bio_core_gets(BIO *bio, char *buf, int size) +{ + return ossl_prov_bio_gets(BIO_get_data(bio), buf, size); +} + +static int bio_core_puts(BIO *bio, const char *str) +{ + return ossl_prov_bio_puts(BIO_get_data(bio), str); +} + +static int bio_core_new(BIO *bio) +{ + BIO_set_init(bio, 1); + + return 1; +} + +static BIO_METHOD *ossl_prov_ctx_get0_core_bio_method(QAT_PROV_CTX *ctx) +{ + if (ctx == NULL) + return NULL; + return ctx->corebiometh; +} + +static int bio_core_free(BIO *bio) +{ + BIO_set_init(bio, 0); + ossl_prov_bio_free(BIO_get_data(bio)); + + return 1; +} + +BIO_METHOD *ossl_bio_prov_init_bio_method(void) +{ + BIO_METHOD *corebiometh = NULL; + + corebiometh = BIO_meth_new(BIO_TYPE_CORE_TO_PROV, "BIO to Core filter"); + if (corebiometh == NULL + || !BIO_meth_set_write_ex(corebiometh, bio_core_write_ex) + || !BIO_meth_set_read_ex(corebiometh, bio_core_read_ex) + || !BIO_meth_set_puts(corebiometh, bio_core_puts) + || !BIO_meth_set_gets(corebiometh, bio_core_gets) + || !BIO_meth_set_ctrl(corebiometh, bio_core_ctrl) + || !BIO_meth_set_create(corebiometh, bio_core_new) + || !BIO_meth_set_destroy(corebiometh, bio_core_free)) { + BIO_meth_free(corebiometh); + return NULL; + } + + return corebiometh; +} + +BIO *ossl_bio_new_from_core_bio(QAT_PROV_CTX *provctx, OSSL_CORE_BIO *corebio) +{ + BIO *outbio; + BIO_METHOD *corebiometh = ossl_prov_ctx_get0_core_bio_method(provctx); + + if (corebiometh == NULL) + return NULL; + + if ((outbio = BIO_new(corebiometh)) == NULL) + return NULL; + if (!ossl_prov_bio_up_ref(corebio)) { + BIO_free(outbio); + return NULL; + } + BIO_set_data(outbio, corebio); + return outbio; +} + +#endif diff --git a/qat_prov_bio.h b/qat_prov_bio.h new file mode 100644 index 00000000..7aedcd55 --- /dev/null +++ b/qat_prov_bio.h @@ -0,0 +1,23 @@ +#include +#include +#include +#include "qat_provider.h" + +int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns); + +OSSL_CORE_BIO *ossl_prov_bio_new_file(const char *filename, const char *mode); +OSSL_CORE_BIO *ossl_prov_bio_new_membuf(const char *filename, int len); +int ossl_prov_bio_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len, + size_t *bytes_read); +int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len, + size_t *written); +int ossl_prov_bio_gets(OSSL_CORE_BIO *bio, char *buf, int size); +int ossl_prov_bio_puts(OSSL_CORE_BIO *bio, const char *str); +int ossl_prov_bio_ctrl(OSSL_CORE_BIO *bio, int cmd, long num, void *ptr); +int ossl_prov_bio_up_ref(OSSL_CORE_BIO *bio); +int ossl_prov_bio_free(OSSL_CORE_BIO *bio); +int ossl_prov_bio_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list ap); +int ossl_prov_bio_printf(OSSL_CORE_BIO *bio, const char *format, ...); + +BIO_METHOD *ossl_bio_prov_init_bio_method(void); +BIO *ossl_bio_new_from_core_bio(QAT_PROV_CTX *provctx, OSSL_CORE_BIO *corebio); diff --git a/qat_prov_capabilities.c b/qat_prov_capabilities.c new file mode 100644 index 00000000..750d3a8e --- /dev/null +++ b/qat_prov_capabilities.c @@ -0,0 +1,189 @@ +#include +#include +#include +#include +/* For TLS1_VERSION etc */ +#include +#include +#include "qat_provider.h" + +/* If neither ec or dh is available then we have no TLS-GROUP capabilities */ +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) + +# define OSSL_TLS_GROUP_ID_sect163k1 0x0001 +# define OSSL_TLS_GROUP_ID_sect163r1 0x0002 +# define OSSL_TLS_GROUP_ID_sect163r2 0x0003 +# define OSSL_TLS_GROUP_ID_sect193r1 0x0004 +# define OSSL_TLS_GROUP_ID_sect193r2 0x0005 +# define OSSL_TLS_GROUP_ID_sect233k1 0x0006 +# define OSSL_TLS_GROUP_ID_sect233r1 0x0007 +# define OSSL_TLS_GROUP_ID_sect239k1 0x0008 +# define OSSL_TLS_GROUP_ID_sect283k1 0x0009 +# define OSSL_TLS_GROUP_ID_sect283r1 0x000A +# define OSSL_TLS_GROUP_ID_sect409k1 0x000B +# define OSSL_TLS_GROUP_ID_sect409r1 0x000C +# define OSSL_TLS_GROUP_ID_sect571k1 0x000D +# define OSSL_TLS_GROUP_ID_sect571r1 0x000E +# define OSSL_TLS_GROUP_ID_secp160k1 0x000F +# define OSSL_TLS_GROUP_ID_secp160r1 0x0010 +# define OSSL_TLS_GROUP_ID_secp160r2 0x0011 +# define OSSL_TLS_GROUP_ID_secp192k1 0x0012 +# define OSSL_TLS_GROUP_ID_secp192r1 0x0013 +# define OSSL_TLS_GROUP_ID_secp224k1 0x0014 +# define OSSL_TLS_GROUP_ID_secp224r1 0x0015 +# define OSSL_TLS_GROUP_ID_secp256k1 0x0016 +# define OSSL_TLS_GROUP_ID_secp256r1 0x0017 +# define OSSL_TLS_GROUP_ID_secp384r1 0x0018 +# define OSSL_TLS_GROUP_ID_secp521r1 0x0019 +# define OSSL_TLS_GROUP_ID_brainpoolP256r1 0x001A +# define OSSL_TLS_GROUP_ID_brainpoolP384r1 0x001B +# define OSSL_TLS_GROUP_ID_brainpoolP512r1 0x001C +# define OSSL_TLS_GROUP_ID_x25519 0x001D +# define OSSL_TLS_GROUP_ID_x448 0x001E +# define OSSL_TLS_GROUP_ID_ffdhe2048 0x0100 +# define OSSL_TLS_GROUP_ID_ffdhe3072 0x0101 +# define OSSL_TLS_GROUP_ID_ffdhe4096 0x0102 +# define OSSL_TLS_GROUP_ID_ffdhe6144 0x0103 +# define OSSL_TLS_GROUP_ID_ffdhe8192 0x0104 + +typedef struct tls_group_constants_st { + unsigned int group_id; /* Group ID */ + unsigned int secbits; /* Bits of security */ + int mintls; /* Minimum TLS version, -1 unsupported */ + int maxtls; /* Maximum TLS version (or 0 for undefined) */ + int mindtls; /* Minimum DTLS version, -1 unsupported */ + int maxdtls; /* Maximum DTLS version (or 0 for undefined) */ +} TLS_GROUP_CONSTANTS; + +static const TLS_GROUP_CONSTANTS group_list[35] = { + { OSSL_TLS_GROUP_ID_sect163k1, 80, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect163r1, 80, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect163r2, 80, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect193r1, 80, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect193r2, 80, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect233k1, 112, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect233r1, 112, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect239k1, 112, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect283k1, 128, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect283r1, 128, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect409k1, 192, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect409r1, 192, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect571k1, 256, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_sect571r1, 256, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_secp160k1, 80, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_secp160r1, 80, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_secp160r2, 80, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_secp192k1, 80, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_secp192r1, 80, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_secp224k1, 112, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_secp224r1, 112, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_secp256k1, 128, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_secp256r1, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp384r1, 192, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_secp521r1, 256, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_brainpoolP256r1, 128, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_brainpoolP384r1, 192, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_brainpoolP512r1, 256, TLS1_VERSION, TLS1_2_VERSION, + DTLS1_VERSION, DTLS1_2_VERSION }, + { OSSL_TLS_GROUP_ID_x25519, 128, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + { OSSL_TLS_GROUP_ID_x448, 224, TLS1_VERSION, 0, DTLS1_VERSION, 0 }, + /* Security bit values as given by BN_security_bits() */ + { OSSL_TLS_GROUP_ID_ffdhe2048, 112, TLS1_3_VERSION, 0, -1, -1 }, + { OSSL_TLS_GROUP_ID_ffdhe3072, 128, TLS1_3_VERSION, 0, -1, -1 }, + { OSSL_TLS_GROUP_ID_ffdhe4096, 128, TLS1_3_VERSION, 0, -1, -1 }, + { OSSL_TLS_GROUP_ID_ffdhe6144, 128, TLS1_3_VERSION, 0, -1, -1 }, + { OSSL_TLS_GROUP_ID_ffdhe8192, 192, TLS1_3_VERSION, 0, -1, -1 }, +}; + +#define TLS_GROUP_ENTRY(tlsname, realname, algorithm, idx) \ + { \ + OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME, \ + tlsname, \ + sizeof(tlsname)), \ + OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL, \ + realname, \ + sizeof(realname)), \ + OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, \ + algorithm, \ + sizeof(algorithm)), \ + OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, \ + (unsigned int *)&group_list[idx].group_id), \ + OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, \ + (unsigned int *)&group_list[idx].secbits), \ + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, \ + (unsigned int *)&group_list[idx].mintls), \ + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, \ + (unsigned int *)&group_list[idx].maxtls), \ + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, \ + (unsigned int *)&group_list[idx].mindtls), \ + OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, \ + (unsigned int *)&group_list[idx].maxdtls), \ + OSSL_PARAM_END \ + } + +static const OSSL_PARAM param_group_list[][10] = { + TLS_GROUP_ENTRY("secp256r1", "prime256v1", "EC", 22), + TLS_GROUP_ENTRY("P-256", "prime256v1", "EC", 22), /* Alias of above */ + TLS_GROUP_ENTRY("secp384r1", "secp384r1", "EC", 23), + TLS_GROUP_ENTRY("P-384", "secp384r1", "EC", 23), /* Alias of above */ + TLS_GROUP_ENTRY("secp521r1", "secp521r1", "EC", 24), + TLS_GROUP_ENTRY("P-521", "secp521r1", "EC", 24), /* Alias of above */ + + TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28), + TLS_GROUP_ENTRY("x448", "X448", "X448", 29), + + /* Security bit values for FFDHE groups are as per RFC 7919 */ + TLS_GROUP_ENTRY("ffdhe2048", "ffdhe2048", "DH", 30), + TLS_GROUP_ENTRY("ffdhe3072", "ffdhe3072", "DH", 31), + TLS_GROUP_ENTRY("ffdhe4096", "ffdhe4096", "DH", 32), + TLS_GROUP_ENTRY("ffdhe6144", "ffdhe6144", "DH", 33), + TLS_GROUP_ENTRY("ffdhe8192", "ffdhe8192", "DH", 34), +}; +#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ + +static int tls_group_capability(OSSL_CALLBACK *cb, void *arg) +{ +#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) + size_t i; + + for (i = 0; i < OSSL_NELEM(param_group_list); i++) + if (!cb(param_group_list[i], arg)) + return 0; +#endif + + return 1; +} + +int qat_prov_get_capabilities(void *provctx, const char *capability, + OSSL_CALLBACK *cb, void *arg) +{ + if (strcasecmp(capability, "TLS-GROUP") == 0) + return tls_group_capability(cb, arg); + + /* We don't support this capability */ + return 0; +} diff --git a/qat_prov_ciphers.c b/qat_prov_ciphers.c index 5dba0390..6bbfa44c 100644 --- a/qat_prov_ciphers.c +++ b/qat_prov_ciphers.c @@ -61,6 +61,7 @@ #define AEAD_FLAGS (PROV_CIPHER_FLAG_AEAD | PROV_CIPHER_FLAG_CUSTOM_IV) +#if defined(ENABLE_QAT_HW_GCM) || defined(ENABLE_QAT_SW_GCM) void qat_gcm_initctx(void *provctx, QAT_GCM_CTX *ctx, size_t keybits, size_t ivlen_min) { @@ -449,4 +450,4 @@ QAT_aes_gcm_cipher(qat_aes, gcm, GCM, AEAD_FLAGS, 128, 8, 96, NID_aes_128_gcm); QAT_aes_gcm_cipher(qat_aes, gcm, GCM, AEAD_FLAGS, 192, 8, 96, NID_aes_192_gcm); /* qat_aes256gcm_functions */ QAT_aes_gcm_cipher(qat_aes, gcm, GCM, AEAD_FLAGS, 256, 8, 96, NID_aes_256_gcm); - +#endif diff --git a/qat_prov_ciphers.h b/qat_prov_ciphers.h index bf632c48..d42742d7 100644 --- a/qat_prov_ciphers.h +++ b/qat_prov_ciphers.h @@ -62,7 +62,8 @@ # include "cpa_types.h" # include "cpa_cy_sym.h" # include "cpa_cy_drbg.h" -#else +#endif +# ifdef ENABLE_QAT_SW_GCM # include #endif @@ -226,7 +227,8 @@ typedef struct qat_gcm_ctx_st { /* Flag to keep track of key passed */ int key_set; -#else +#endif +#ifdef ENABLE_QAT_SW_GCM struct gcm_key_data key_data; struct gcm_context_data gcm_ctx; int init_flags; diff --git a/qat_prov_dsa.c b/qat_prov_dsa.c index 6d151784..d03bc2a9 100644 --- a/qat_prov_dsa.c +++ b/qat_prov_dsa.c @@ -61,6 +61,60 @@ static OSSL_FUNC_signature_freectx_fn qat_dsa_freectx; static OSSL_FUNC_signature_set_ctx_params_fn qat_dsa_set_ctx_params; static OSSL_FUNC_signature_settable_ctx_params_fn qat_dsa_settable_ctx_params; +typedef int CRYPTO_REF_COUNT; + +struct evp_signature_st { + int name_id; + char *type_name; + const char *description; + OSSL_PROVIDER *prov; + CRYPTO_REF_COUNT refcnt; + CRYPTO_RWLOCK *lock; + + OSSL_FUNC_signature_newctx_fn *newctx; + OSSL_FUNC_signature_sign_init_fn *sign_init; + OSSL_FUNC_signature_sign_fn *sign; + OSSL_FUNC_signature_verify_init_fn *verify_init; + OSSL_FUNC_signature_verify_fn *verify; + OSSL_FUNC_signature_verify_recover_init_fn *verify_recover_init; + OSSL_FUNC_signature_verify_recover_fn *verify_recover; + OSSL_FUNC_signature_digest_sign_init_fn *digest_sign_init; + OSSL_FUNC_signature_digest_sign_update_fn *digest_sign_update; + OSSL_FUNC_signature_digest_sign_final_fn *digest_sign_final; + OSSL_FUNC_signature_digest_sign_fn *digest_sign; + OSSL_FUNC_signature_digest_verify_init_fn *digest_verify_init; + OSSL_FUNC_signature_digest_verify_update_fn *digest_verify_update; + OSSL_FUNC_signature_digest_verify_final_fn *digest_verify_final; + OSSL_FUNC_signature_digest_verify_fn *digest_verify; + OSSL_FUNC_signature_freectx_fn *freectx; + OSSL_FUNC_signature_dupctx_fn *dupctx; + OSSL_FUNC_signature_get_ctx_params_fn *get_ctx_params; + OSSL_FUNC_signature_gettable_ctx_params_fn *gettable_ctx_params; + OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params; + OSSL_FUNC_signature_settable_ctx_params_fn *settable_ctx_params; + OSSL_FUNC_signature_get_ctx_md_params_fn *get_ctx_md_params; + OSSL_FUNC_signature_gettable_ctx_md_params_fn *gettable_ctx_md_params; + OSSL_FUNC_signature_set_ctx_md_params_fn *set_ctx_md_params; + OSSL_FUNC_signature_settable_ctx_md_params_fn *settable_ctx_md_params; +} /* EVP_SIGNATURE */; + +static EVP_SIGNATURE get_default_dsa_signature() +{ + static EVP_SIGNATURE s_signature; + static int initialized = 0; + if (!initialized) { + EVP_SIGNATURE *signature = (EVP_SIGNATURE *)EVP_SIGNATURE_fetch(NULL, "DSA", "provider=default"); + if (signature) { + s_signature = *signature; + EVP_SIGNATURE_free((EVP_SIGNATURE *)signature); + initialized = 1; + } else { + WARN("EVP_SIGNATURE_fetch from default provider failed"); + } + } + return s_signature; +} + static __inline__ int CRYPTO_UP_REF(int *val, int *ret, ossl_unused void *lock) { *ret = __atomic_fetch_add(val, 1, __ATOMIC_RELAXED) + 1; @@ -522,6 +576,164 @@ static const OSSL_PARAM *qat_dsa_settable_ctx_params(void *vpdsactx, return settable_ctx_params; } +static int qat_dsa_digest_sign_init(void *vpdsactx, const char *mdname, + void *vdsa, const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *vpdsactx, const char *mdname, + void *vdsa, const OSSL_PARAM params[]); + fun_ptr fun = get_default_dsa_signature().digest_sign_init; + if (!fun) + return 0; + return fun(vpdsactx, mdname, vdsa, params); +} + +int qat_dsa_digest_signverify_update(void *vpdsactx, const unsigned char *data, + size_t datalen) +{ + QAT_PROV_DSA_CTX *pdsactx = (QAT_PROV_DSA_CTX *)vpdsactx; + + if (pdsactx == NULL || pdsactx->mdctx == NULL) + return 0; + + return EVP_DigestUpdate(pdsactx->mdctx, data, datalen); +} + + +int qat_dsa_digest_sign_final(void *vpdsactx, unsigned char *sig, size_t *siglen, + size_t sigsize) +{ + QAT_PROV_DSA_CTX *pdsactx = (QAT_PROV_DSA_CTX *)vpdsactx; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dlen = 0; + + if (!qat_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL) + return 0; + + /* + * If sig is NULL then we're just finding out the sig size. Other fields + * are ignored. Defer to dsa_sign. + */ + if (sig != NULL) { + /* + * There is the possibility that some externally provided + * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow - + * but that problem is much larger than just in DSA. + */ + if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen)) + return 0; + } + + pdsactx->flag_allow_md = 1; + + return qat_dsa_sign(vpdsactx, sig, siglen, sigsize, digest, (size_t)dlen); +} + + +static int qat_dsa_digest_verify_init(void *vpdsactx, const char *mdname, + void *vdsa, const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *vpdsactx, const char *mdname, + void *vdsa, const OSSL_PARAM params[]); + fun_ptr fun = get_default_dsa_signature().digest_verify_init; + if (!fun) + return 0; + return fun(vpdsactx, mdname, vdsa, params); +} + + +int qat_dsa_digest_verify_final(void *vpdsactx, const unsigned char *sig, + size_t siglen) +{ + QAT_PROV_DSA_CTX *pdsactx = (QAT_PROV_DSA_CTX *)vpdsactx; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dlen = 0; + + if (!qat_prov_is_running() || pdsactx == NULL || pdsactx->mdctx == NULL) + return 0; + + /* + * There is the possibility that some externally provided + * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow - + * but that problem is much larger than just in DSA. + */ + if (!EVP_DigestFinal_ex(pdsactx->mdctx, digest, &dlen)) + return 0; + + pdsactx->flag_allow_md = 1; + + return qat_dsa_verify(vpdsactx, sig, siglen, digest, (size_t)dlen); +} + + +static void *qat_dsa_dupctx(void *vpdsactx) +{ + typedef void * (*fun_ptr)(void *vpdsactx); + fun_ptr fun = get_default_dsa_signature().dupctx; + if (!fun) + return NULL; + return fun(vpdsactx); +} + + +static int qat_dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params) +{ + typedef int (*fun_ptr)(void *vpdsactx, OSSL_PARAM *params); + fun_ptr fun = get_default_dsa_signature().get_ctx_params; + if (!fun) + return 0; + return fun(vpdsactx, params); +} + + +static const OSSL_PARAM *qat_dsa_gettable_ctx_params(ossl_unused void *ctx, + ossl_unused void *provctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(ossl_unused void *ctx, + ossl_unused void *provctx); + fun_ptr fun = get_default_dsa_signature().gettable_ctx_params; + if (!fun) + return NULL; + return fun(ctx, provctx); +} + + +static int qat_dsa_get_ctx_md_params(void *vpdsactx, OSSL_PARAM *params) +{ + typedef int (*fun_ptr)(void *vpdsactx, OSSL_PARAM *params); + fun_ptr fun = get_default_dsa_signature().get_ctx_md_params; + if (!fun) + return 0; + return fun(vpdsactx, params); +} + +static const OSSL_PARAM *qat_dsa_gettable_ctx_md_params(void *vpdsactx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *vpdsactx); + fun_ptr fun = get_default_dsa_signature().gettable_ctx_md_params; + if (!fun) + return NULL; + return fun(vpdsactx); +} + +static int qat_dsa_set_ctx_md_params(void *vpdsactx, const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *vpdsactx, const OSSL_PARAM params[]); + fun_ptr fun = get_default_dsa_signature().set_ctx_md_params; + if (!fun) + return 0; + return fun(vpdsactx, params); +} + +static const OSSL_PARAM *qat_dsa_settable_ctx_md_params(void *vpdsactx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *vpdsactx); + fun_ptr fun = get_default_dsa_signature().settable_ctx_md_params; + if (!fun) + return NULL; + return fun(vpdsactx); +} + + const OSSL_DISPATCH qat_dsa_signature_functions[] = { {OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))qat_dsa_newctx}, {OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))qat_dsa_sign_init}, @@ -531,6 +743,30 @@ const OSSL_DISPATCH qat_dsa_signature_functions[] = { {OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))qat_dsa_freectx}, {OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))qat_dsa_set_ctx_params}, {OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, (void (*)(void))qat_dsa_settable_ctx_params}, + { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, + (void (*)(void))qat_dsa_digest_sign_init }, + { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, + (void (*)(void))qat_dsa_digest_signverify_update }, + { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, + (void (*)(void))qat_dsa_digest_sign_final }, + { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, + (void (*)(void))qat_dsa_digest_verify_init }, + { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, + (void (*)(void))qat_dsa_digest_signverify_update }, + { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, + (void (*)(void))qat_dsa_digest_verify_final }, + { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))qat_dsa_dupctx }, + { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))qat_dsa_get_ctx_params }, + { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, + (void (*)(void))qat_dsa_gettable_ctx_params }, + { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, + (void (*)(void))qat_dsa_get_ctx_md_params }, + { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, + (void (*)(void))qat_dsa_gettable_ctx_md_params }, + { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, + (void (*)(void))qat_dsa_set_ctx_md_params }, + { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, + (void (*)(void))qat_dsa_settable_ctx_md_params }, {0, NULL}}; #endif /* QAT_HW */ diff --git a/qat_prov_ecdsa.c b/qat_prov_ecdsa.c index d9a15588..fbdd6454 100644 --- a/qat_prov_ecdsa.c +++ b/qat_prov_ecdsa.c @@ -63,7 +63,6 @@ # include "qat_sw_ec.h" #endif -#ifdef QAT_SW typedef struct evp_signature_st { int name_id; char *type_name; @@ -115,7 +114,7 @@ static QAT_EVP_SIGNATURE get_default_ECDSA_signature() } return s_signature; } -#endif + static const OSSL_PARAM settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), @@ -534,6 +533,153 @@ static const OSSL_PARAM *qat_signature_ecdsa_settable_ctx_params(void *vctx, return settable_ctx_params; } +static int qat_ecdsa_digest_sign_init(void *vctx, const char *mdname, void *ec, + const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *vctx, const char *mdname, void *ec, + const OSSL_PARAM params[]); + fun_ptr fun = get_default_ECDSA_signature().digest_sign_init; + if (!fun) + return 0; + return fun(vctx, mdname, ec, params); + +} + +int qat_ecdsa_digest_signverify_update(void *vctx, const unsigned char *data, + size_t datalen) +{ + QAT_PROV_ECDSA_CTX *ctx = (QAT_PROV_ECDSA_CTX *)vctx; + + if (ctx == NULL || ctx->mdctx == NULL) + return 0; + + return EVP_DigestUpdate(ctx->mdctx, data, datalen); +} + +int qat_ecdsa_digest_sign_final(void *vctx, unsigned char *sig, size_t *siglen, + size_t sigsize) +{ + QAT_PROV_ECDSA_CTX *ctx = (QAT_PROV_ECDSA_CTX *)vctx; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dlen = 0; + + if (!qat_prov_is_running() || ctx == NULL || ctx->mdctx == NULL) + return 0; + + /* + * If sig is NULL then we're just finding out the sig size. Other fields + * are ignored. Defer to ecdsa_sign. + */ + if (sig != NULL + && !EVP_DigestFinal_ex(ctx->mdctx, digest, &dlen)) + return 0; + ctx->flag_allow_md = 1; + return qat_signature_ecdsa_sign(vctx, sig, siglen, sigsize, digest, (size_t)dlen); +} + +static int qat_ecdsa_digest_verify_init(void *vctx, const char *mdname, void *ec, + const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *vctx, const char *mdname, void *ec, + const OSSL_PARAM params[]); + fun_ptr fun = get_default_ECDSA_signature().digest_verify_init; + if (!fun) + return 0; + return fun(vctx, mdname, ec, params); +} + +int qat_ecdsa_digest_verify_final(void *vctx, const unsigned char *sig, + size_t siglen) +{ + QAT_PROV_ECDSA_CTX *ctx = (QAT_PROV_ECDSA_CTX *)vctx; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dlen = 0; + + if (!qat_prov_is_running() || ctx == NULL || ctx->mdctx == NULL) + return 0; + + if (!EVP_DigestFinal_ex(ctx->mdctx, digest, &dlen)) + return 0; + ctx->flag_allow_md = 1; + return qat_signature_ecdsa_verify(ctx, sig, siglen, digest, (size_t)dlen); +} + +static void *qat_ecdsa_dupctx(void *vctx) +{ + typedef void * (*fun_ptr)(void *vctx); + fun_ptr fun = get_default_ECDSA_signature().dupctx; + if (!fun) + return NULL; + return fun(vctx); +} + +static int qat_ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params) +{ + typedef int (*fun_ptr)(void *vctx, OSSL_PARAM *params); + fun_ptr fun = get_default_ECDSA_signature().get_ctx_params; + if (!fun) + return 0; + return fun(vctx, params); +} + +static const OSSL_PARAM *qat_ecdsa_gettable_ctx_params(void *vctx, + void *provctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *vctx, + void *provctx); + fun_ptr fun = get_default_ECDSA_signature().gettable_ctx_params; + if (!fun) + return NULL; + return fun(vctx, provctx); +} + +static const OSSL_PARAM *qat_ecdsa_settable_ctx_params(void *vctx, + void *provctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *vctx, + void *provctx); + fun_ptr fun = get_default_ECDSA_signature().settable_ctx_params; + if (!fun) + return NULL; + return fun(vctx, provctx); +} + +static int qat_ecdsa_get_ctx_md_params(void *vctx, OSSL_PARAM *params) +{ + typedef int (*fun_ptr)(void *vctx, OSSL_PARAM *params); + fun_ptr fun = get_default_ECDSA_signature().get_ctx_md_params; + if (!fun) + return 0; + return fun(vctx, params); +} + +static const OSSL_PARAM *qat_ecdsa_gettable_ctx_md_params(void *vctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *vctx); + fun_ptr fun = get_default_ECDSA_signature().gettable_ctx_md_params; + if (!fun) + return NULL; + return fun(vctx); +} + +static int qat_ecdsa_set_ctx_md_params(void *vctx, const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *vctx, const OSSL_PARAM params[]); + fun_ptr fun = get_default_ECDSA_signature().set_ctx_md_params; + if (!fun) + return 0; + return fun(vctx, params); +} + +static const OSSL_PARAM *qat_ecdsa_settable_ctx_md_params(void *vctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *vctx); + fun_ptr fun = get_default_ECDSA_signature().settable_ctx_md_params; + if (!fun) + return 0; + return fun(vctx); +} + const OSSL_DISPATCH qat_ecdsa_signature_functions[] = { { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))qat_signature_ecdsa_newctx }, { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))qat_signature_ecdsa_sign_init }, @@ -544,5 +690,31 @@ const OSSL_DISPATCH qat_ecdsa_signature_functions[] = { { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))qat_signature_ecdsa_set_ctx_params }, { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, (void (*)(void))qat_signature_ecdsa_settable_ctx_params }, + { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, + (void (*)(void))qat_ecdsa_digest_sign_init }, + { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, + (void (*)(void))qat_ecdsa_digest_signverify_update }, + { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, + (void (*)(void))qat_ecdsa_digest_sign_final }, + { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, + (void (*)(void))qat_ecdsa_digest_verify_init }, + { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, + (void (*)(void))qat_ecdsa_digest_signverify_update }, + { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, + (void (*)(void))qat_ecdsa_digest_verify_final }, + { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))qat_ecdsa_dupctx }, + { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))qat_ecdsa_get_ctx_params }, + { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, + (void (*)(void))qat_ecdsa_gettable_ctx_params }, + { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, + (void (*)(void))qat_ecdsa_settable_ctx_params }, + { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, + (void (*)(void))qat_ecdsa_get_ctx_md_params }, + { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, + (void (*)(void))qat_ecdsa_gettable_ctx_md_params }, + { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, + (void (*)(void))qat_ecdsa_set_ctx_md_params }, + { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, + (void (*)(void))qat_ecdsa_settable_ctx_md_params }, {0, NULL} }; diff --git a/qat_prov_exch_ecx.c b/qat_prov_exch_ecx.c index d9cd42b9..dfe4c077 100644 --- a/qat_prov_exch_ecx.c +++ b/qat_prov_exch_ecx.c @@ -244,12 +244,22 @@ static void qat_ecx_freectx(void *vecxctx) OPENSSL_free(ecxctx); } +static void *qat_ecx_dupctx(void *vecxctx) +{ + typedef void * (*fun_ptr)(void *vecxctx); + fun_ptr fun = get_default_x25519_keyexch().dupctx; + if (!fun) + return NULL; + return fun(vecxctx); +} + const OSSL_DISPATCH qat_X25519_keyexch_functions[] = { { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))qat_x25519_newctx }, { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))qat_ecx_init }, { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))qat_ecx_derive25519 }, { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))qat_ecx_set_peer }, { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))qat_ecx_freectx }, + { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))qat_ecx_dupctx }, { 0, NULL } }; diff --git a/qat_prov_init.c b/qat_prov_init.c index fbe8afff..480d2447 100644 --- a/qat_prov_init.c +++ b/qat_prov_init.c @@ -13,6 +13,7 @@ #include "e_qat.h" #include "qat_fork.h" #include "qat_utils.h" +#include "qat_prov_bio.h" #ifdef QAT_SW # include "qat_sw_polling.h" @@ -315,6 +316,8 @@ static const OSSL_DISPATCH qat_dispatch_table[] = { {OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))qat_gettable_params}, {OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))qat_get_params}, {OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))qat_query}, + { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, + (void (*)(void))qat_prov_get_capabilities}, {0, NULL}}; /* Functions provided by the core */ @@ -420,6 +423,9 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, BIO_METHOD *corebiometh = NULL; QAT_DEBUG_LOG_INIT(); + if (!ossl_prov_bio_from_dispatch(in)) + return 0; + for (; in->function_id != 0; in++) { switch (in->function_id) { case OSSL_FUNC_CORE_GETTABLE_PARAMS: @@ -455,7 +461,7 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, qat_ctx->libctx = (OSSL_LIB_CTX *)c_get_libctx(handle); *provctx = (void *)qat_ctx; - corebiometh = OPENSSL_zalloc(sizeof(BIO_METHOD)); + corebiometh = ossl_bio_prov_init_bio_method(); qat_prov_ctx_set_core_bio_method(*provctx, corebiometh); *out = qat_dispatch_table; qat_prov_cache_exported_algorithms(qat_deflt_ciphers, qat_exported_ciphers); diff --git a/qat_prov_kmgmt_ecx.c b/qat_prov_kmgmt_ecx.c index aca89b12..c31c4476 100644 --- a/qat_prov_kmgmt_ecx.c +++ b/qat_prov_kmgmt_ecx.c @@ -72,23 +72,6 @@ QAT_ECX_KEYMGMT get_default_x25519_keymgmt() return s_keymgmt; } -QAT_ECX_KEYMGMT get_default_x448_keymgmt() -{ - static QAT_ECX_KEYMGMT s_keymgmt; - static int initialized = 0; - if (!initialized) { - QAT_ECX_KEYMGMT *keymgmt = (QAT_ECX_KEYMGMT *)EVP_KEYMGMT_fetch(NULL,"X448","provider=default"); - if (keymgmt) { - s_keymgmt = *keymgmt; - EVP_KEYMGMT_free((EVP_KEYMGMT *)keymgmt); - initialized = 1; - } else { - WARN("EVP_KEYMGMT_fetch from default provider failed"); - } - } - return s_keymgmt; -} - ECX_KEY *qat_ecx_key_new(OSSL_LIB_CTX *libctx, ECX_KEY_TYPE type, int haspubkey, const char *propq) { @@ -134,17 +117,6 @@ static void *qat_x25519_new_key(void *provctx) NULL); } -#ifdef QAT_HW -static void *qat_x448_new_key(void *provctx) -{ - if (!qat_prov_is_running()) - return 0; - return qat_ecx_key_new(prov_libctx_of(provctx), ECX_KEY_TYPE_X448, 0, - NULL); - -} -#endif - static int qat_ecx_has(const void *keydata, int selection) { const ECX_KEY *key = keydata; @@ -202,15 +174,15 @@ static void *qat_x25519_gen_init(void *provctx, int selection, static void *qat_x25519_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) { -#ifdef QAT_HW +#ifdef ENABLE_QAT_HW_ECX return qat_pkey_ecx_keygen(genctx,osslcb,cbarg); #endif -#ifdef QAT_SW +#ifdef ENABLE_QAT_SW_ECX return multibuff_x25519_keygen(genctx,osslcb,cbarg); #endif } -#ifdef QAT_HW +#ifdef ENABLE_QAT_HW_ECX static void *qat_x448_gen_init(void *provctx, int selection, const OSSL_PARAM params[]) { @@ -231,6 +203,182 @@ static void qat_ecx_gen_cleanup(void *genctx) OPENSSL_free(gctx); } +static int qat_x25519_get_params(void *key, OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *key, OSSL_PARAM params[]); + fun_ptr fun = get_default_x25519_keymgmt().get_params; + if (!fun) + return 0; + return fun(key, params); +} + +static const OSSL_PARAM *qat_x25519_gettable_params(void *provctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *provctx); + fun_ptr fun = get_default_x25519_keymgmt().gettable_params; + if (!fun) + return NULL; + return fun(provctx); +} + +static int qat_x25519_set_params(void *key, const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *key, const OSSL_PARAM params[]); + fun_ptr fun = get_default_x25519_keymgmt().set_params; + if (!fun) + return 0; + return fun(key, params); +} + +static const OSSL_PARAM *qat_x25519_settable_params(void *provctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *provctx); + fun_ptr fun = get_default_x25519_keymgmt().settable_params; + if (!fun) + return NULL; + return fun(provctx); +} + +#ifdef ENABLE_QAT_HW_ECX +QAT_ECX_KEYMGMT get_default_x448_keymgmt() +{ + static QAT_ECX_KEYMGMT s_keymgmt; + static int initialized = 0; + if (!initialized) { + QAT_ECX_KEYMGMT *keymgmt = (QAT_ECX_KEYMGMT *)EVP_KEYMGMT_fetch(NULL,"X448","provider=default"); + if (keymgmt) { + s_keymgmt = *keymgmt; + EVP_KEYMGMT_free((EVP_KEYMGMT *)keymgmt); + initialized = 1; + } else { + WARN("EVP_KEYMGMT_fetch from default provider failed"); + } + } + return s_keymgmt; +} + +static void *qat_x448_new_key(void *provctx) +{ + if (!qat_prov_is_running()) + return 0; + return qat_ecx_key_new(prov_libctx_of(provctx), ECX_KEY_TYPE_X448, 0, + NULL); + +} + +static int qat_x448_get_params(void *key, OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *key, OSSL_PARAM params[]); + fun_ptr fun = get_default_x448_keymgmt().get_params; + if (!fun) + return 0; + return fun(key, params); +} + +static const OSSL_PARAM *qat_x448_gettable_params(void *provctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *provctx); + fun_ptr fun = get_default_x448_keymgmt().gettable_params; + if (!fun) + return NULL; + return fun(provctx); +} + +static int qat_x448_set_params(void *key, const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *key, const OSSL_PARAM params[]); + fun_ptr fun = get_default_x448_keymgmt().set_params; + if (!fun) + return 0; + return fun(key, params); +} + +static const OSSL_PARAM *qat_x448_settable_params(void *provctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *provctx); + fun_ptr fun = get_default_x448_keymgmt().settable_params; + if (!fun) + return NULL; + return fun(provctx); +} +#endif + +static int qat_ecx_match(const void *keydata1, const void *keydata2, int selection) +{ + typedef int (*fun_ptr)(const void *keydata1, const void *keydata2, int selection); + fun_ptr fun = get_default_x25519_keymgmt().match; + if (!fun) + return 0; + return fun(keydata1, keydata2, selection); +} + +static int qat_ecx_import(void *keydata, int selection, const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *keydata, int selection, const OSSL_PARAM params[]); + fun_ptr fun = get_default_x25519_keymgmt().import; + if (!fun) + return 0; + return fun(keydata, selection, params); +} + +static const OSSL_PARAM *qat_ecx_import_types(int selection) +{ + typedef const OSSL_PARAM * (*fun_ptr)(int selection); + fun_ptr fun = get_default_x25519_keymgmt().import_types; + if (!fun) + return NULL; + return fun(selection); +} + +static const OSSL_PARAM *qat_ecx_export_types(int selection) +{ + typedef const OSSL_PARAM * (*fun_ptr)(int selection); + fun_ptr fun = get_default_x25519_keymgmt().export_types; + if (!fun) + return NULL; + return fun(selection); +} + +static int qat_ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, + void *cbarg) +{ + typedef int (*fun_ptr)(void *keydata, int selection, OSSL_CALLBACK *param_cb, + void *cbarg); + fun_ptr fun = get_default_x25519_keymgmt().export; + if (!fun) + return 0; + return fun(keydata, selection, param_cb, cbarg); +} + +static int qat_ecx_gen_set_params(void *genctx, const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *genctx, const OSSL_PARAM params[]); + fun_ptr fun = get_default_x25519_keymgmt().gen_set_params; + if (!fun) + return 0; + return fun(genctx, params); +} + +static const OSSL_PARAM *qat_ecx_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(ossl_unused void *genctx, + ossl_unused void *provctx); + fun_ptr fun = get_default_x25519_keymgmt().gen_settable_params; + if (!fun) + return NULL; + return fun(genctx, provctx); +} + +static void *qat_ecx_dup(const void *keydata_from, int selection) +{ + typedef void * (*fun_ptr)(const void *keydata_from, int selection); + fun_ptr fun = get_default_x25519_keymgmt().dup; + if (!fun) + return NULL; + return fun(keydata_from, selection); +} + const OSSL_DISPATCH qat_X25519_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))qat_x25519_new_key}, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))qat_ecx_key_free}, @@ -239,9 +387,22 @@ const OSSL_DISPATCH qat_X25519_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))qat_x25519_gen}, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void)) qat_ecx_gen_cleanup}, { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void)) qat_ecx_load}, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))qat_x25519_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))qat_x25519_gettable_params }, + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))qat_x25519_set_params }, + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))qat_x25519_settable_params }, + { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))qat_ecx_match }, + { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))qat_ecx_import }, + { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))qat_ecx_import_types }, + { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))qat_ecx_export }, + { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))qat_ecx_export_types }, + { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))qat_ecx_gen_set_params }, + { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, + (void (*)(void))qat_ecx_gen_settable_params }, + { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))qat_ecx_dup }, { 0, NULL }}; -#ifdef QAT_HW +#ifdef ENABLE_QAT_HW_ECX const OSSL_DISPATCH qat_X448_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))qat_x448_new_key}, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))qat_ecx_key_free}, @@ -250,5 +411,18 @@ const OSSL_DISPATCH qat_X448_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))qat_x448_gen}, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void)) qat_ecx_gen_cleanup}, { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void)) qat_ecx_load}, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))qat_x448_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))qat_x448_gettable_params }, + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))qat_x448_set_params }, + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))qat_x448_settable_params }, + { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))qat_ecx_match }, + { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))qat_ecx_import }, + { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))qat_ecx_import_types }, + { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))qat_ecx_export }, + { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))qat_ecx_export_types }, + { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))qat_ecx_gen_set_params }, + { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, + (void (*)(void))qat_ecx_gen_settable_params }, + { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))qat_ecx_dup }, { 0, NULL }}; #endif diff --git a/qat_prov_kmgmt_rsa.c b/qat_prov_kmgmt_rsa.c index d940469a..b91196d3 100644 --- a/qat_prov_kmgmt_rsa.c +++ b/qat_prov_kmgmt_rsa.c @@ -160,6 +160,126 @@ static const OSSL_PARAM *qat_keymgmt_rsa_import_types(int selection) return fun(selection); } +static void *qat_keymgmt_rsa_gen_init(void *provctx, int selection, + const OSSL_PARAM params[]) +{ + typedef void * (*fun_ptr)(void *, int, const OSSL_PARAM *); + fun_ptr fun = get_default_keymgmt().gen_init; + if (!fun) + return NULL; + return fun(provctx, selection, params); +} + +static int qat_keymgmt_rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *, const OSSL_PARAM *); + fun_ptr fun = get_default_keymgmt().gen_set_params; + if (!fun) + return 0; + return fun(genctx, params); +} + +static const OSSL_PARAM *qat_keymgmt_rsa_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *, void *); + fun_ptr fun = get_default_keymgmt().gen_settable_params; + if (!fun) + return NULL; + return fun(genctx, provctx); +} + +static void *qat_keymgmt_rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) +{ + typedef void * (*fun_ptr)(void *, OSSL_CALLBACK *, void *); + fun_ptr fun = get_default_keymgmt().gen; + if (!fun) + return NULL; + return fun(genctx, osslcb, cbarg); +} + +static void qat_keymgmt_rsa_gen_cleanup(void *genctx) +{ + typedef void (*fun_ptr)(void *); + fun_ptr fun = get_default_keymgmt().gen_cleanup; + if (!fun) + return; + fun(genctx); +} + +static void *qat_keymgmt_rsa_load(const void *reference, size_t reference_sz) +{ + typedef void * (*fun_ptr)(const void *, size_t); + fun_ptr fun = get_default_keymgmt().load; + if (!fun) + return NULL; + return fun(reference, reference_sz); +} + +static int qat_keymgmt_rsa_get_params(void *key, OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *, OSSL_PARAM *); + fun_ptr fun = get_default_keymgmt().get_params; + if (!fun) + return 0; + return fun(key, params); +} + +static const OSSL_PARAM *qat_keymgmt_rsa_gettable_params(void *provctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *); + fun_ptr fun = get_default_keymgmt().gettable_params; + if (!fun) + return NULL; + return fun(provctx); +} + +static int qat_keymgmt_rsa_match(const void *keydata1, const void *keydata2, int selection) +{ + typedef int (*fun_ptr)(const void *, const void *, int); + fun_ptr fun = get_default_keymgmt().match; + if (!fun) + return 0; + return fun(keydata1, keydata2, selection); +} + +static int qat_keymgmt_rsa_validate(const void *keydata, int selection, int checktype) +{ + typedef int (*fun_ptr)(const void *, int, int); + fun_ptr fun = get_default_keymgmt().validate; + if (!fun) + return 0; + return fun(keydata, selection, checktype); +} + +static int qat_keymgmt_rsa_export(void *keydata, int selection, + OSSL_CALLBACK *param_callback, void *cbarg) +{ + typedef int (*fun_ptr)(void *, int, OSSL_CALLBACK *, void *); + fun_ptr fun = get_default_keymgmt().export; + if (!fun) + return 0; + return fun(keydata, selection, param_callback, cbarg); +} + +static const OSSL_PARAM *qat_keymgmt_rsa_export_types(int selection) +{ + typedef const OSSL_PARAM * (*fun_ptr)(int); + fun_ptr fun = get_default_keymgmt().export_types; + if (!fun) + return NULL; + return fun(selection); +} + +static void *qat_keymgmt_rsa_dup(const void *keydata_from, int selection) +{ + typedef void * (*fun_ptr)(const void *, int); + fun_ptr fun = get_default_keymgmt().dup; + if (!fun) + return NULL; + return fun(keydata_from, selection); +} + const OSSL_DISPATCH qat_rsa_keymgmt_functions[] = { {OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))qat_keymgmt_rsa_newdata}, @@ -167,7 +287,21 @@ const OSSL_DISPATCH qat_rsa_keymgmt_functions[] = { {OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))qat_keymgmt_rsa_has}, {OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))qat_keymgmt_rsa_import}, {OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))qat_keymgmt_rsa_import_types}, + { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))qat_keymgmt_rsa_gen_init }, + { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, + (void (*)(void))qat_keymgmt_rsa_gen_set_params }, + { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, + (void (*)(void))qat_keymgmt_rsa_gen_settable_params }, + { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))qat_keymgmt_rsa_gen }, + { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))qat_keymgmt_rsa_gen_cleanup }, + { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))qat_keymgmt_rsa_load }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))qat_keymgmt_rsa_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))qat_keymgmt_rsa_gettable_params }, + { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))qat_keymgmt_rsa_match }, + { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))qat_keymgmt_rsa_validate }, + { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))qat_keymgmt_rsa_export }, + { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))qat_keymgmt_rsa_export_types }, + { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))qat_keymgmt_rsa_dup }, {0, NULL} }; - diff --git a/qat_prov_prf.c b/qat_prov_prf.c index c8c5d34c..63b793aa 100644 --- a/qat_prov_prf.c +++ b/qat_prov_prf.c @@ -177,13 +177,14 @@ static int qat_tls_prf_derive(void *vctx, unsigned char *key, size_t keylen, ctx->pctx); const EVP_MD *md; + if (!qat_prov_is_running() || !qat_tls_prf_set_ctx_params(ctx, params)) + return 0; + md = qat_prov_digest_md(&ctx->digest); if (md == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; } - if (!qat_prov_is_running() || !qat_tls_prf_set_ctx_params(ctx, params)) - return 0; if (ctx->P_hash == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); diff --git a/qat_prov_sign_rsa.c b/qat_prov_sign_rsa.c index a177aa19..6f0012da 100644 --- a/qat_prov_sign_rsa.c +++ b/qat_prov_sign_rsa.c @@ -52,6 +52,60 @@ static const unsigned char digestinfo_##name##_der[] = { \ ASN1_OCTET_STRING_, sz \ }; +typedef int CRYPTO_REF_COUNT; + +struct evp_signature_st { + int name_id; + char *type_name; + const char *description; + OSSL_PROVIDER *prov; + CRYPTO_REF_COUNT refcnt; + CRYPTO_RWLOCK *lock; + + OSSL_FUNC_signature_newctx_fn *newctx; + OSSL_FUNC_signature_sign_init_fn *sign_init; + OSSL_FUNC_signature_sign_fn *sign; + OSSL_FUNC_signature_verify_init_fn *verify_init; + OSSL_FUNC_signature_verify_fn *verify; + OSSL_FUNC_signature_verify_recover_init_fn *verify_recover_init; + OSSL_FUNC_signature_verify_recover_fn *verify_recover; + OSSL_FUNC_signature_digest_sign_init_fn *digest_sign_init; + OSSL_FUNC_signature_digest_sign_update_fn *digest_sign_update; + OSSL_FUNC_signature_digest_sign_final_fn *digest_sign_final; + OSSL_FUNC_signature_digest_sign_fn *digest_sign; + OSSL_FUNC_signature_digest_verify_init_fn *digest_verify_init; + OSSL_FUNC_signature_digest_verify_update_fn *digest_verify_update; + OSSL_FUNC_signature_digest_verify_final_fn *digest_verify_final; + OSSL_FUNC_signature_digest_verify_fn *digest_verify; + OSSL_FUNC_signature_freectx_fn *freectx; + OSSL_FUNC_signature_dupctx_fn *dupctx; + OSSL_FUNC_signature_get_ctx_params_fn *get_ctx_params; + OSSL_FUNC_signature_gettable_ctx_params_fn *gettable_ctx_params; + OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params; + OSSL_FUNC_signature_settable_ctx_params_fn *settable_ctx_params; + OSSL_FUNC_signature_get_ctx_md_params_fn *get_ctx_md_params; + OSSL_FUNC_signature_gettable_ctx_md_params_fn *gettable_ctx_md_params; + OSSL_FUNC_signature_set_ctx_md_params_fn *set_ctx_md_params; + OSSL_FUNC_signature_settable_ctx_md_params_fn *settable_ctx_md_params; +} /* EVP_SIGNATURE */; + +static EVP_SIGNATURE get_default_rsa_signature() +{ + static EVP_SIGNATURE s_signature; + static int initilazed = 0; + if (!initilazed) { + EVP_SIGNATURE *signature = (EVP_SIGNATURE *)EVP_SIGNATURE_fetch(NULL, "RSA", "provider=default"); + if (signature) { + s_signature = *signature; + EVP_SIGNATURE_free((EVP_SIGNATURE *)signature); + initilazed = 1; + } else { + WARN("EVP_SIGNATURE_fetch from default provider failed"); + } + } + return s_signature; +} + /* SHA-1 (1 3 14 3 2 26) */ static const unsigned char digestinfo_sha1_der[] = { ASN1_SEQUENCE, 0x0d + SHA_DIGEST_LENGTH, @@ -1642,6 +1696,164 @@ static const OSSL_PARAM *qat_signature_rsa_settable_ctx_params(void *vprsactx, return settable_ctx_params; } +static int qat_signature_rsa_digest_sign_init(void *vprsactx, const char *mdname, + void *vrsa, const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *vprsactx, const char *mdname, + void *vrsa, const OSSL_PARAM params[]); + fun_ptr fun = get_default_rsa_signature().digest_sign_init; + if (!fun) + return 0; + return fun(vprsactx, mdname, vrsa, params); +} + +static int qat_signature_rsa_digest_signverify_update(void *vprsactx, + const unsigned char *data, + size_t datalen) +{ + QAT_PROV_RSA_CTX *prsactx = (QAT_PROV_RSA_CTX *)vprsactx; + + if (prsactx == NULL || prsactx->mdctx == NULL) + return 0; + + return EVP_DigestUpdate(prsactx->mdctx, data, datalen); +} + +static int qat_signature_rsa_digest_sign_final(void *vprsactx, unsigned char *sig, + size_t *siglen, size_t sigsize) +{ + QAT_PROV_RSA_CTX *prsactx = (QAT_PROV_RSA_CTX *)vprsactx; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dlen = 0; + + if (!qat_prov_is_running() || prsactx == NULL) + return 0; + prsactx->flag_allow_md = 1; + if (prsactx->mdctx == NULL) + return 0; + /* + * If sig is NULL then we're just finding out the sig size. Other fields + * are ignored. Defer to rsa_sign. + */ + if (sig != NULL) { + /* + * The digests used here are all known (see rsa_get_md_nid()), so they + * should not exceed the internal buffer size of EVP_MAX_MD_SIZE. + */ + if (!EVP_DigestFinal_ex(prsactx->mdctx, digest, &dlen)) + return 0; + } + + return qat_signature_rsa_sign(vprsactx, sig, siglen, sigsize, + digest, (size_t)dlen); +} + +static int qat_signature_rsa_digest_verify_init(void *vprsactx, const char *mdname, + void *vrsa, const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *vprsactx, const char *mdname, + void *vrsa, const OSSL_PARAM params[]); + fun_ptr fun = get_default_rsa_signature().digest_verify_init; + if (!fun) + return 0; + return fun(vprsactx, mdname, vrsa, params); +} + + +int qat_signature_rsa_digest_verify_final(void *vprsactx, const unsigned char *sig, + size_t siglen) +{ + QAT_PROV_RSA_CTX *prsactx = (QAT_PROV_RSA_CTX *)vprsactx; + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int dlen = 0; + + if (!qat_prov_is_running()) + return 0; + + if (prsactx == NULL) + return 0; + prsactx->flag_allow_md = 1; + if (prsactx->mdctx == NULL) + return 0; + + /* + * The digests used here are all known (see rsa_get_md_nid()), so they + * should not exceed the internal buffer size of EVP_MAX_MD_SIZE. + */ + if (!EVP_DigestFinal_ex(prsactx->mdctx, digest, &dlen)) + return 0; + + return qat_signature_rsa_verify(vprsactx, sig, siglen, + digest, (size_t)dlen); +} + + +static void *qat_signature_rsa_dupctx(void *vprsactx) +{ + typedef void* (*fun_ptr)(void *vprsactx); + fun_ptr fun = get_default_rsa_signature().dupctx; + if (!fun) + return NULL; + return fun(vprsactx); +} + +static int qat_signature_rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) +{ + typedef int (*fun_ptr)(void *vprsactx, OSSL_PARAM *params); + fun_ptr fun = get_default_rsa_signature().get_ctx_params; + if (!fun) + return 0; + return fun(vprsactx, params); +} + +static const OSSL_PARAM *qat_signature_rsa_gettable_ctx_md_params(void *vprsactx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *vprsactx); + fun_ptr fun = get_default_rsa_signature().gettable_ctx_md_params; + if (!fun) + return NULL; + return fun(vprsactx); +} + + +static int qat_signature_rsa_set_ctx_md_params(void *vprsactx, const OSSL_PARAM params[]) +{ + typedef int (*fun_ptr)(void *vprsactx, const OSSL_PARAM params[]); + fun_ptr fun = get_default_rsa_signature().set_ctx_md_params; + if (!fun) + return 0; + return fun(vprsactx, params); +} + +static const OSSL_PARAM *qat_signature_rsa_settable_ctx_md_params(void *vprsactx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(void *vprsactx); + fun_ptr fun = get_default_rsa_signature().settable_ctx_md_params; + if (!fun) + return NULL; + return fun(vprsactx); +} + +static const OSSL_PARAM *qat_signature_rsa_gettable_ctx_params(ossl_unused void *vprsactx, + ossl_unused void *provctx) +{ + typedef const OSSL_PARAM * (*fun_ptr)(ossl_unused void *vprsactx, + ossl_unused void *provctx); + fun_ptr fun = get_default_rsa_signature().gettable_ctx_params; + if (!fun) + return NULL; + return fun(vprsactx, provctx); +} + +static int qat_signature_rsa_get_ctx_md_params(void *vprsactx, OSSL_PARAM *params) +{ + typedef int (*fun_ptr)(void *vprsactx, OSSL_PARAM *params); + fun_ptr fun = get_default_rsa_signature().get_ctx_md_params; + if (!fun) + return 0; + return fun(vprsactx, params); +} + const OSSL_DISPATCH qat_rsa_signature_functions[] = { {OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))qat_signature_rsa_newctx}, {OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))qat_signature_rsa_sign_init}, @@ -1656,5 +1868,29 @@ const OSSL_DISPATCH qat_rsa_signature_functions[] = { {OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))qat_signature_rsa_set_ctx_params}, {OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, (void (*)(void))qat_signature_rsa_settable_ctx_params}, + { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, + (void (*)(void))qat_signature_rsa_digest_sign_init }, + { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, + (void (*)(void))qat_signature_rsa_digest_signverify_update }, + { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, + (void (*)(void))qat_signature_rsa_digest_sign_final }, + { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, + (void (*)(void))qat_signature_rsa_digest_verify_init }, + { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, + (void (*)(void))qat_signature_rsa_digest_signverify_update }, + { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, + (void (*)(void))qat_signature_rsa_digest_verify_final }, + { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))qat_signature_rsa_dupctx }, + { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))qat_signature_rsa_get_ctx_params }, + { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, + (void (*)(void))qat_signature_rsa_gettable_ctx_params }, + { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, + (void (*)(void))qat_signature_rsa_get_ctx_md_params }, + { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, + (void (*)(void))qat_signature_rsa_gettable_ctx_md_params }, + { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, + (void (*)(void))qat_signature_rsa_set_ctx_md_params }, + { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, + (void (*)(void))qat_signature_rsa_settable_ctx_md_params }, {0, NULL} }; diff --git a/qat_provider.h b/qat_provider.h index 24f7ce96..b3722093 100644 --- a/qat_provider.h +++ b/qat_provider.h @@ -49,6 +49,7 @@ # include # include # include +# include # define QAT_PROVIDER_VERSION_STR "v0.6.13" # define QAT_PROVIDER_FULL_VERSION_STR "QAT Provider v0.6.13" @@ -78,6 +79,8 @@ static const char QAT_DEFAULT_PROPERTIES[] = "provider=qatprovider"; +OSSL_FUNC_provider_get_capabilities_fn qat_prov_get_capabilities; + typedef struct bio_method_st { int type; char *name;